On Thu, Sep 26, 2013 at 12:56 AM, Kay Sievers <k...@vrfy.org> wrote: > On Thu, Sep 26, 2013 at 12:38 AM, Tom Gundersen <t...@jklm.no> wrote: >> Force 0600 and root:root instead, to avoid problems with fat filesystems. > > Sounds fine to me, to enforce root permissions.
Boot kernel was world readable, and it makes sense. Why making them root only readable is a good idea? If your /boot is a FAT filesystem, the world readable rights are handled by your mount options. On non UEFI systems, world readable rights set by kernel-install matter. > If people want special permissions, they can always drop-in their own > install.d/ callout to mangle them. This means maintain it's own generator, it's a bit boring for just being able to check the size of your installed kernel. The opposite logic seems more appropriate. Cheers, -- Sébastien "Seblu" Luttringer https://www.seblu.net GPG: 0x2072D77A _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
