You are not logged in.

#1 2019-03-29 08:04:15

itsmattson
Member
Registered: 2018-11-22
Posts: 9

[SOLVED] What are the permissions of /boot and files/dirs under it

Hi all,

During my build some many moons ago, I used chmod -R to recursively remove go=rwx access to /boot and all sub-dirs and files. During the pacman updates, I often get 'warned' that my permissions differ to the package.

Is there a method to find out what Arch's default permissions are for /boot and everything under it?

This hasn't caused me issues but I figure that the defaults must be secure anyway and I would rather trust in that so that I won't have to see the below again.

(316/370) upgrading linux                          [######################] 100%
warning: directory permissions differ on /boot/
filesystem: 700  package: 755

If anybody might know, I'd appreciate the guidance. Thanks!

Last edited by itsmattson (2019-03-29 12:35:47)

Offline

#2 2019-03-29 08:10:36

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 326
Website

Re: [SOLVED] What are the permissions of /boot and files/dirs under it

package: 755

well there's your answer.
By, the way. Since I use EFI boot with a FAT32 EFI partition mounted at /boot, the files under /boot actually do not have any permissions at all.

Last edited by schard (2019-03-29 08:35:49)

Offline

#3 2019-03-29 08:34:46

itsmattson
Member
Registered: 2018-11-22
Posts: 9

Re: [SOLVED] What are the permissions of /boot and files/dirs under it

schard wrote:
package: 755

well there's your answer.

Almost smile

I used chmod -R so how would I learn of the original permissions of the sub directories and files? Might be best to spin up an Arch VM maybe just for this.

Offline

#4 2019-03-29 08:38:24

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 326
Website

Re: [SOLVED] What are the permissions of /boot and files/dirs under it

Try

pacman -Qkk

Offline

#5 2019-03-29 09:27:26

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 6,582

Re: [SOLVED] What are the permissions of /boot and files/dirs under it

Most of the subdirectories and files in /boot are created by generator utilities (mkinitcpio, boot loader config updaters) and will not be tracked by pacman and do not have "original" permissions.

General standard permissions for non executable files are 644 and 755 for directories.

FWIW, what filesystem do you have there? If it is ext4 it should just be ensured that root can read and write, so that your bootloader can read information from it and kernel updates can write the vmlinuz image to it. If this is an UEFI system and you've followed the general recommendation and the partition is actually a FAT variant the permissions you are setting don't matter, as they will not actually be present, and will be faked during mount/chmod -R.

Instead of broadly asking, you might want to elaborate on what specifically drove you to run a chmod over that. And what exact configuration you specifically are using, the files in the /boot directory will vary wildly depending on bootloader used. What are your "security concerns" ? The /boot partition is one of the least interesting parts of your system, all of that information you might have present there could be gleaned from other places.

Last edited by V1del (2019-03-29 09:33:53)

Offline

#6 2019-03-29 12:34:09

itsmattson
Member
Registered: 2018-11-22
Posts: 9

Re: [SOLVED] What are the permissions of /boot and files/dirs under it

Hi V1del,

Thanks for the recommendation. To elaborate - I removed Group and Other permissions recursively from /boot about 8 months ago because I didn't believe it to require them, when I was installing Arch and GRUB. I thought maybe that was smart and it hasn't caused me any issues to my knowledge but now I'm thinking the defaults (0755 dirs / 0644 files) posed no threat and I might be best to change them back. I wouldn't have thought about it but I read the pacman -Syu output and the warning about the difference made me want to undo my chmod. (for no real reason other than not being 100% sure that removing Group/Other perms hasn't broken something; which was originally done on impulse)

Filesystem is ext4 and GRUB installed via BIOS/MBR configuration (grub-install --target=i386-pc) - old PC :[

I'm all sorted now though, thank you both. I did as earlier mentioned and installed Arch on a VM and found that the 0755/0644 permissions you mentioned are spot on throughout my /boot and /boot/grub (except grub.cfg which is 0600). I've set the permissions of all files in /boot and /boot/grub back to what they show on the fresh install.

Thanks again!

Last edited by itsmattson (2019-03-29 12:38:50)

Offline

Board footer

Powered by FluxBB