Red Hat Bugzilla – Bug 59227
kernel RPM upgrades change permissions on /boot/grub/grub.conf
Last modified: 2007-04-18 12:39:42 EDT
Description of Problem:
After installing Red Hat 7.2, I proceeded to apply all available errata updates.
At this point I noticed that the kernel RPMs set world-readable permissions
on /boot/grub/grub.conf. This is not desireable because it contains the [hash
of the] bootloader password.
Version-Release number of selected component (if applicable):
kernel-2.4.9-13 - i686, Athlon
kernel-2.4.9-21 - i686, Athlon
Possibly others (the above are the only ones I've checked).
Install a kernel RPM.
Do not modify permissions of /boot/grub/grub.conf
P.S. IIRC, the permissions on grub.conf were also set world-readable by the
initial installation of the operating system -- also an undesireable condition.
However I cannot test this now to confirm. (I later set them 0600.)
don't know why this happened...
grubby creates files "normally", so root's umask should give proper permissions.
if this persists, try "touch /tmp/a" as root and see what those permissions look
like. let us know if things stay strange
I did change grubby to copy permissions from the old config file though, but it
may not have helped here?
Hey folks, this bug is still here. I'm running on an Athlon system (same as
before), I've since upgraded to 7.3 and I just installed the kernel-2.4.18-5
update. I checked the permissions on /boot/grub/grub.conf before the update and
they were 0600. Now, after the update, they are 0644.
My umask (I ran up2date) is 0022, but the copying of the old permissions to the
new grub.conf doesn't appear to be working.
you need the latest mkinitrd package; new then the one in 7.3 (look in rawhide)