Bug 59227 - kernel RPM upgrades change permissions on /boot/grub/grub.conf
Summary: kernel RPM upgrades change permissions on /boot/grub/grub.conf
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mkinitrd (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: athlon Linux
Target Milestone: ---
Assignee: Matt Wilson
QA Contact: Brian Brock
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2002-02-03 01:52 UTC by Need Real Name
Modified: 2007-04-18 16:39 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-06-20 15:43:14 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Need Real Name 2002-02-03 01:52:02 UTC
Description of Problem:
After installing Red Hat 7.2, I proceeded to apply all available errata updates.
   At this point I noticed that the kernel RPMs set world-readable permissions
on /boot/grub/grub.conf.  This is not desireable because it contains the [hash
of the] bootloader password.

Version-Release number of selected component (if applicable):
kernel-2.4.9-13 - i686, Athlon
kernel-2.4.9-21 - i686, Athlon
Possibly others (the above are the only ones I've checked).

How Reproducible:
Install a kernel RPM.

Actual Results:
World-readable /boot/grub/grub.conf

Expected Results:
Do not modify permissions of /boot/grub/grub.conf

P.S. IIRC, the permissions on grub.conf were also set world-readable by the
initial installation of the operating system -- also an undesireable condition.
 However I cannot test this now to confirm.  (I later set them 0600.)

Comment 1 Erik Troan 2002-05-21 02:46:55 UTC
don't know why this happened...

grubby creates files "normally", so root's umask should give proper permissions.
if this persists, try "touch /tmp/a" as root and see what those permissions look
like. let us know if things stay strange

I did change grubby to copy permissions from the old config file though, but it
may not have helped here?

Comment 2 Need Real Name 2002-06-20 15:43:08 UTC
Hey folks, this bug is still here.  I'm running on an Athlon system (same as
before), I've since upgraded to 7.3 and I just installed the kernel-2.4.18-5
update.  I checked the permissions on /boot/grub/grub.conf before the update and
they were 0600.  Now, after the update, they are 0644.

My umask (I ran up2date) is 0022, but the copying of the old permissions to the
new grub.conf doesn't appear to be working.


Comment 3 Erik Troan 2002-06-21 20:46:02 UTC
you need the latest mkinitrd package; new then the one in 7.3 (look in rawhide)

Note You need to log in before you can comment on or make changes to this bug.