On Thu, Sep 26, 2013 at 1:13 AM, Sébastien Luttringer <se...@seblu.net> wrote:
> On Thu, Sep 26, 2013 at 12:56 AM, Kay Sievers <k...@vrfy.org> wrote:
>> On Thu, Sep 26, 2013 at 12:38 AM, Tom Gundersen <t...@jklm.no> wrote:
>>> Force 0600 and root:root instead, to avoid problems with fat filesystems.
>>
>> Sounds fine to me, to enforce root permissions.
>
> Boot kernel was world readable, and it makes sense. Why making them
> root only readable is a good idea?

Sure, 0644 sounds fine too.

> If your /boot is a FAT filesystem, the world readable rights are
> handled by your mount options.

Right, systemd by default doesn't allow to read anything in /boot.
/boot needs to be added to /etc/fstab if it should be readable by
ordinary users.

> On non UEFI systems, world readable rights set by kernel-install matter.

Why would that matter?

>> If people want special permissions, they can always drop-in their own
>> install.d/ callout to mangle them.

> This means maintain its own generator,

It's not a generator, they are different things in systemd. It would
just be a /usr/lib/kernel/install.d/*.install snippet.

> it's a bit boring for just
> being able to check the size of your installed kernel.

Check the size and file permissions? You don't need access to check
its size, do you?

> The opposite logic seems more appropriate.

0644 sounds good to me too, sure, as long as we have a defined default.

Kay
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
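
The kind of install.d/ callout mentioned in the thread, as an added example that is not part of the original message and not systemd's own code. The file name `95-kernel-perms.install`, the `KERNEL_MODE` variable and the `fix_kernel_perms` function are hypothetical, and the example assumes the installed kernel copy is the file `linux` inside the entry directory that kernel-install passes as the third argument.

```shell
#!/bin/sh
# Hypothetical drop-in, e.g. /etc/kernel/install.d/95-kernel-perms.install
# (file name, KERNEL_MODE and fix_kernel_perms are assumptions of this example).
# kernel-install runs each plugin as:
#   <plugin> add|remove KERNEL-VERSION ENTRY-DIR [KERNEL-IMAGE]

# Mode the site wants on the installed kernel instead of the shipped default.
KERNEL_MODE="${KERNEL_MODE:-0644}"

fix_kernel_perms() {
    command="$1"
    entry_dir="$3"

    # Only act when a kernel is being installed, never on removal.
    [ "$command" = "add" ] || return 0

    # Assumption: the kernel copy in the entry directory is named "linux".
    kernel="$entry_dir/linux"

    # chmod follows symlinks, so refuse one rather than re-mode its target.
    if [ -L "$kernel" ]; then
        echo "refusing to chmod symlink: $kernel" >&2
        return 1
    fi
    [ -f "$kernel" ] || return 0

    # Accept only a small set of sane modes; never group/world writable.
    case "$KERNEL_MODE" in
        0600|0640|0644) ;;
        *) echo "unsupported KERNEL_MODE: $KERNEL_MODE" >&2; return 1 ;;
    esac

    # On a FAT /boot the mount options decide the visible mode, so a
    # failing chmod is reported but does not abort the installation.
    chmod "$KERNEL_MODE" "$kernel" 2>/dev/null ||
        echo "note: could not chmod $kernel (FAT filesystem?)" >&2
    return 0
}

# Run only when called with plugin arguments, as kernel-install does.
if [ "$#" -ge 3 ]; then
    fix_kernel_perms "$@"
fi
```

On a FAT-formatted /boot the result still depends on the mount options, as the thread notes.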