LinuxQuestions.org
Old 01-18-2024, 10:52 PM   #1
ratan61
LQ Newbie
 
Registered: Aug 2023
Posts: 29

Rep: Reputation: 0
/etc/grub2/grubenv --> change the permissions to 600


Hello All,

The following is suggested by the security team: they are suggesting to change the permissions of the following file, /etc/grub2/grubenv, to 600, so that no one except root can modify the parameters. After changing the permissions of this file, it is working. I then tried to perform the yum update and it was also successful. Now, while checking the transaction history, I see the following:


1 Creating group 'sgx' with GID 989.
2 Creating group 'systemd-oom' with GID 988.
3 /etc/gshadow: Group "sgx" already exists.
4 /usr/sbin/weak-modules: line 1086: cd: /lib/modules/5.14.0-284.18.1.el9_2.x86_64/weak-updates: No such file or directory
5 warning: file /lib/modules/5.14.0-284.18.1.el9_2.x86_64/modules.builtin.modinfo: remove failed: No such file or directory
6 warning: file /lib/modules/5.14.0-284.18.1.el9_2.x86_64/modules.builtin: remove failed: No such file or directory
7 grub2-editenv: error: invalid environment block.
8 grub2-editenv: error: invalid environment block.
9 grub2-editenv: error: invalid environment block.
10 grub2-editenv: error: invalid environment block.
11 grub2-editenv: error: invalid environment block.
12 grub2-editenv: error: invalid environment block.
13 grub2-editenv: error: invalid environment block.
14 grub2-editenv: error: invalid environment block.
15 grub2-editenv: error: invalid environment block.
16 grub2-editenv: error: invalid environment block.
17 grub2-editenv: error: invalid environment block.


I'm not able to figure out whether changing the file permissions of grubenv is actually causing the issue.
Also, to rectify this, I have to move this and then regenerate the grub file once again. The existing grubenv file was moved to the /tmp location and then I regenerated the grub file again, where it generated the grubenv file, and it is normal. Do you think changing the permissions is actually causing an issue?

Also, after regenerating the grub file, I changed the permissions of the grubenv file back to 600 again.
I see no issues now, but I had no chance to even upgrade the server with the latest patches since the server is already upgraded to the latest kernel. Could someone please help on this one: how far will changing permissions cause issues like the above? Also, the server is able to boot without any issues when it comes to changing the permissions, but ignoring errors is also not recommended.
 
Old 01-20-2024, 10:00 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,657
Blog Entries: 33

Rep: Reputation: 283
Hi, what OS are you using?

I have followed a few hardening tutes and some are so secure I can't login, some refuse to boot.

Check with your security team for clarification of their advice.
 
Old 01-21-2024, 08:04 AM   #3
ratan61
LQ Newbie
 
Registered: Aug 2023
Posts: 29

Original Poster
Rep: Reputation: 0
I'm using RHEL9.3.
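
One way to separate the two questions raised in this thread (is the file content a well-formed environment block, and is the mode the one the security team asked for), as an added example that is not from any poster. It assumes the upstream GRUB 2 layout (a 1024-byte file whose first line is `# GRUB Environment Block`) and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: upstream GRUB 2 environment block layout (signature line first,
# file padded with '#' to the default size of 1024 bytes).
SIG='# GRUB Environment Block'

# make_sample FILE: write a constructed, well-formed block for offline testing.
make_sample() {
    printf '%s\nsaved_entry=constructed-sample\n' "$SIG" > "$1"
    pad=$((1024 - $(wc -c < "$1")))
    head -c "$pad" /dev/zero | tr '\0' '#' >> "$1"
}

# check_grubenv FILE [WANT_MODE]
# Returns 0 if content and mode are fine, 1 if the content looks malformed,
# 2 if the content is fine and only the mode differs from WANT_MODE (default 600).
check_grubenv() {
    f=$1; want=${2:-600}
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    first=$(head -n 1 "$f")
    mode=$(stat -c '%a' "$f")      # GNU coreutils stat
    rc=0
    if [ "$first" != "$SIG" ]; then
        echo "content: signature line missing"; rc=1
    fi
    if [ "$size" -ne 1024 ]; then
        echo "content: size is $size bytes, expected 1024"; rc=1
    fi
    # Report the mode only when the content itself is sound, so a permission
    # finding is never confused with a damaged file.
    if [ "$rc" -eq 0 ] && [ "$mode" != "$want" ]; then
        echo "mode: $mode, wanted $want"; rc=2
    fi
    [ "$rc" -eq 0 ] && echo "ok: $f"
    return "$rc"
}

# Usage (as root, path taken from the thread):
#   check_grubenv /etc/grub2/grubenv 600
```

Running it before and after a `chmod`, and again before and after a package update, shows whether the content or only the mode changed between the two points.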
 
  

