Bug 59227 - kernel RPM upgrades change permissions on /boot/grub/grub.conf
kernel RPM upgrades change permissions on /boot/grub/grub.conf
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: mkinitrd (Show other bugs)
7.3
athlon Linux
medium Severity medium
: ---
: ---
Assigned To: Matt Wilson
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-02-02 20:52 EST by Need Real Name
Modified: 2007-04-18 12:39 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-06-20 11:43:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2002-02-02 20:52:02 EST
Description of Problem:
After installing Red Hat 7.2, I proceeded to apply all available errata updates.
   At this point I noticed that the kernel RPMs set world-readable permissions
on /boot/grub/grub.conf.  This is not desireable because it contains the [hash
of the] bootloader password.


Version-Release number of selected component (if applicable):
kernel-2.4.9-13 - i686, Athlon
kernel-2.4.9-21 - i686, Athlon
Possibly others (the above are the only ones I've checked).


How Reproducible:
Install a kernel RPM.


Actual Results:
World-readable /boot/grub/grub.conf


Expected Results:
Do not modify permissions of /boot/grub/grub.conf


P.S. IIRC, the permissions on grub.conf were also set world-readable by the
initial installation of the operating system -- also an undesireable condition.
 However I cannot test this now to confirm.  (I later set them 0600.)
Comment 1 Erik Troan 2002-05-20 22:46:55 EDT
don't know why this happened...

grubby creates files "normally", so root's umask should give proper permissions.
if this persists, try "touch /tmp/a" as root and see what those permissions look
like. let us know if things stay strange

I did change grubby to copy permissions from the old config file though, but it
may not have helped here?
Comment 2 Need Real Name 2002-06-20 11:43:08 EDT
Hey folks, this bug is still here.  I'm running on an Athlon system (same as
before), I've since upgraded to 7.3 and I just installed the kernel-2.4.18-5
update.  I checked the permissions on /boot/grub/grub.conf before the update and
they were 0600.  Now, after the update, they are 0644.

My umask (I ran up2date) is 0022, but the copying of the old permissions to the
new grub.conf doesn't appear to be working.

Thanks.
Comment 3 Erik Troan 2002-06-21 16:46:02 EDT
you need the latest mkinitrd package; new then the one in 7.3 (look in rawhide)

Note You need to log in before you can comment on or make changes to this bug.