Bug 59227

Summary: kernel RPM upgrades change permissions on /boot/grub/grub.conf
Product: [Retired] Red Hat Linux Reporter: Need Real Name <vader>
Component: mkinitrdAssignee: Matt Wilson <msw>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: ewt, redhat-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: athlon   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-06-20 15:43:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2002-02-03 01:52:02 UTC 
Description of Problem:
After installing Red Hat 7.2, I proceeded to apply all available errata updates.
   At this point I noticed that the kernel RPMs set world-readable permissions
on /boot/grub/grub.conf.  This is not desireable because it contains the [hash
of the] bootloader password.


Version-Release number of selected component (if applicable):
kernel-2.4.9-13 - i686, Athlon
kernel-2.4.9-21 - i686, Athlon
Possibly others (the above are the only ones I've checked).


How Reproducible:
Install a kernel RPM.


Actual Results:
World-readable /boot/grub/grub.conf


Expected Results:
Do not modify permissions of /boot/grub/grub.conf


P.S. IIRC, the permissions on grub.conf were also set world-readable by the
initial installation of the operating system -- also an undesireable condition.
 However I cannot test this now to confirm.  (I later set them 0600.)
Comment 1 Erik Troan 2002-05-21 02:46:55 UTC 
don't know why this happened...

grubby creates files "normally", so root's umask should give proper permissions.
if this persists, try "touch /tmp/a" as root and see what those permissions look
like. let us know if things stay strange

I did change grubby to copy permissions from the old config file though, but it
may not have helped here?
Comment 2 Need Real Name 2002-06-20 15:43:08 UTC 
Hey folks, this bug is still here.  I'm running on an Athlon system (same as
before), I've since upgraded to 7.3 and I just installed the kernel-2.4.18-5
update.  I checked the permissions on /boot/grub/grub.conf before the update and
they were 0600.  Now, after the update, they are 0644.

My umask (I ran up2date) is 0022, but the copying of the old permissions to the
new grub.conf doesn't appear to be working.

Thanks.
Comment 3 Erik Troan 2002-06-21 20:46:02 UTC 
you need the latest mkinitrd package; new then the one in 7.3 (look in rawhide)