[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chmod of generated grub.cfg

From: address@hidden
Subject: Re: chmod of generated grub.cfg
Date: Sun, 6 Sep 2009 20:21:12 -0500

On Sun, Sep 6, 2009 at 12:22 PM, Vladimir 'phcoder'
Serbinenko<address@hidden> wrote:
> On Sun, Sep 6, 2009 at 3:38 PM, Colin Watson<address@hidden> wrote:
>> On Sun, Sep 06, 2009 at 02:29:03PM +0200, Felix Zielcke wrote:
>>> Currently grub-mkconfig uses chmod 444 on the newly generated grub.cfg
>>> Wouldn't it be better to use 400 now that we have plaintext password
>>> support?
>>> Or should we add support for a GRUB_CHMOD variable so users can override
>>> this setting as they please?
>> I'd prefer to see this done only if they set a password. A GRUB_CHMOD
>> variable seems overkill, though.
> Is there a reason a non-root would like to look at grub.cfg on
> production system? Developers can always override chmod. If there is
> no real reason for non-root to look into grub.cfg I would follow the
> best friend in security considerations called "paranoia" and just use
> mode 400

Shouldn't it be u+rw anyway, or 0600 ?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]