1

Ok, so I've been debugging the last update of my system and found this warning running journalctl -b -p warning:

systemd-cryptsetup: Key file <location> is world-readable. This is not a good idea!

Generally I understand what is the matter and that it's bad. Though I don't know how to fix this properly without ruining my boot.

Then comes the question: what permissions do I have to set for that file to make my system working correctly while removing the warning? Is 600 ok? Or do some system groups also need an access to this file?

Improve this question
2
  • 2
    Some quick googling around suggests that 600 is a good permission set for the keyfile. Commented Mar 20, 2017 at 23:28
  • @DopeGhoti I also think so but posted here to make sure It's indeed the way to go. Commented Mar 20, 2017 at 23:34

1 Answer 1

Reset to default
1

Ok, so indeed 600 permissions are considered a good and the only good practice for securing a key file (source: archwiki).

Also the tricky thing here is that when the kernel is updated initramfs generation procedure resets the key file permission to 644 which basically allows to dump it's content.

That means that after each kernel update the right permission set should be restored by user.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.