On 05/05/2016 12:22, JingYuan Chen wrote:
> When grub or new kernel was installed in boot partition, their
> permission can be determined by umask.
That is incorrect. Permissions are what you see with ls -l or stat.
umask is nothing more than a convenience for the user to set a default
> Why set boot partition as noauto or ro in fstab? What's the advantage?
Because many people do not want /boot mounted at all during use. That
volume is only ever needed in 2 cases:
1. During boot when a kernel is loaded
2. Installing a new kernel image and updating a boot loader or config
Many people like to keep /boot unmounted during normal use when updating
is a deliberate action and the sysadmin must do it. It helps prevent
accidental mistakes and wayward processes doing stupid things.
It's a good viewpoint and you'll see why folks do it the next time you
render your own machine unbootable.
On May 5, 2016 1:46 AM, "James" <[email protected]> wrote:
Neil Bothwick <neil <at> digimed.co.uk> writes:
> > Therefore, I check the configuration of grub2 and fstab. Then I found
> > that I forgot to modify mount options in fstab.
> > The option of my boot partition was set as noauto. So that I don't use
> > the kernel compiled by myself at all.
> We've all done that. Now I mount /boot as ro in fstab. That way, if I
> forget to remount it before installing a kernel I get an error message
> instead of the kernel just disappearing.
Perhaps a documentation bug should be filed against the handbook or other
gentoo doc explaining some of the security and other approaches
and *why* various approaches are used with mounting strategies for /boot/ is
warranted?
That way, if folks miss it, we can just refer them to the docs and elaborate
a bit. Me, I like to keep lots of kernels around for a variety
of reasons. Maybe in the GSoC effort (Kernelconfig) is a better place to
implement some explanation on the choices of what to do with /boot/ ? [1]
Anyway, I'm glad to hear that all is fine now.
James
[1] https://wiki.gentoo.org/wiki/Google_Summer_of_Code/2016/Ideas/kernelconfig
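
An added example, not part of the original thread: a shell helper that classifies /boot into the cases discussed above (not mounted because of noauto, mounted ro, mounted rw) before a kernel install. The function names are illustrative, and it assumes an fstab-format file and a /proc/mounts-format file as input.

```shell
#!/bin/sh
# Added example: classify the state of /boot before installing a kernel.
# Function names are illustrative; inputs are fstab- and /proc/mounts-format files.

# Print the fstab options field for a mount point (empty if no entry).
fstab_opts() {  # $1 = fstab path, $2 = mount point
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# Print the live mount options for a mount point (empty if not mounted).
# The last matching line wins, because later mounts shadow earlier ones.
live_opts() {   # $1 = mounts path, $2 = mount point
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed if the comma-separated option list $1 contains the exact option $2.
# Exact matching keeps "errors=remount-ro" from being mistaken for "ro".
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Print one of: no-fstab-entry, not-mounted, mounted-ro, mounted-rw.
#   not-mounted: files copied to /boot land in the directory on the root
#                filesystem, so the boot loader never sees the new kernel.
#   mounted-ro:  the install fails with an error until /boot is remounted rw.
boot_state() {  # $1 = fstab path, $2 = mounts path
    fopts=$(fstab_opts "$1" /boot)
    lopts=$(live_opts "$2" /boot)
    if [ -z "$fopts" ]; then
        echo "no-fstab-entry"
    elif [ -z "$lopts" ]; then
        echo "not-mounted"
    elif has_opt "$lopts" ro; then
        echo "mounted-ro"
    else
        echo "mounted-rw"
    fi
}

# Check the running system only when asked to: sh <this-script> --check
if [ "${1:-}" = "--check" ]; then
    boot_state /etc/fstab /proc/mounts
fi
```
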