Re: chmod of generated grub.cfg

[address@hidden]

On Sun, Sep 6, 2009 at 12:22 PM, Vladimir 'phcoder'
Serbinenko<address@hidden> wrote:
> On Sun, Sep 6, 2009 at 3:38 PM, Colin Watson<address@hidden> wrote:
>> On Sun, Sep 06, 2009 at 02:29:03PM +0200, Felix Zielcke wrote:
>>> Currently grub-mkconfig uses chmod 444 on the newly generated grub.cfg
>>> Wouldn't it be better to use 400 now that we have plaintext password
>>> support?
>>> Or should we add support for a GRUB_CHMOD variable so users can override
>>> this setting as they please?
>>
>> I'd prefer to see this done only if they set a password. A GRUB_CHMOD
>> variable seems overkill, though.
> Is there a reason a non-root would like to look at grub.cfg on
> production system? Developers can always override chmod. If there is
> no real reason for non-root to look into grub.cfg I would follow the
> best friend in security considerations called "paranoia" and just use
> mode 400

Shouldn't it be u+rw anyway, or 0600 ?