Permission of grub/menu.lst is not persistent #296

Open
vbatts opened this issue Dec 11, 2020 · 3 comments

vbatts commented Dec 11, 2020

Description

/boot/boot/grub/menu.lst permissions are 0755, and setting it to 0644 or 0600 is gone on reboot.

This could also be fixed by enforcing the permission by whatever is resetting it on boot.

Impact

Low impact, just that the file is world readable, and doesn't need to be executable.

Environment and steps to reproduce

  1. Set-up: tested on 2605.9.0 in qemu
  2. Action(s):
    a. chmod 0600 /boot/boot/grub/menu.lst
    b. systemctl reboot
    c. stat /boot/boot/grub/menu.lst
@vbatts vbatts added the kind/bug Something isn't working label Dec 11, 2020

pothos commented Jan 28, 2022

It's a FAT filesystem and won't store permissions, or?


jepio commented Jan 28, 2022

/boot is a FAT filesystem, it doesn't support permissions. It has to be FAT because that's the EFI boot partition. So we can't fix this.

@jepio jepio closed this as completed Jan 28, 2022

jepio commented Jan 31, 2022

Reopening: we should mount with the umask=0077 option. The unit is here: https://github.com/flatcar-linux/init/blob/flatcar-master/systemd/system/boot.mount.

@jepio jepio reopened this Jan 31, 2022
justdan96 added a commit to justdan96/init that referenced this issue Jan 16, 2024
This is described in the following issue:
flatcar/Flatcar#296

Setting the `Options=umask` parameter as that behaviour is well documented by systemd: https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html#Options.
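
An added example, not part of the issue thread or the Flatcar project's code: a shell audit for the umask approach discussed above. It reads mount-table lines in `/proc/mounts` format and lists FAT mounts whose masks still leave group or other permission bits; the function names and sample lines are constructed for illustration, and vfat reports a `umask=` mount option there as separate `fmask=` and `dmask=` values.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS='/dev/vda1 /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,errors=remount-ro 0 0
/dev/vdb1 /mnt/esp vfat rw,relatime,fmask=0077,dmask=0077,codepage=437 0 0
/dev/vda9 / ext4 rw,relatime 0 0'

# Print the value of option $2 from the comma-separated option string $1.
mount_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Succeed only when octal mask $1 clears every group and other bit,
# i.e. (mask & 077) == 077. Empty or non-octal input counts as not private.
mask_is_private() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac
    [ $(( 0$1 & 077 )) -eq 63 ]
}

# Read mount-table lines on stdin and print every vfat/msdos mount point
# whose fmask or dmask still exposes group/other permission bits.
audit_fat_masks() {
    while read -r dev mnt fstype opts rest; do
        case $fstype in vfat|msdos) ;; *) continue ;; esac
        fmask=$(mount_opt "$opts" fmask)
        dmask=$(mount_opt "$opts" dmask)
        if ! mask_is_private "$fmask" || ! mask_is_private "$dmask"; then
            printf '%s fmask=%s dmask=%s\n' "$mnt" "${fmask:-unset}" "${dmask:-unset}"
        fi
    done
}

# Run against the constructed sample; on a live host use:
#   audit_fat_masks < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_fat_masks
```

An empty result means every FAT mount in the input already masks group and other access.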