The configuration file can potentially contain sensitive data, ... well, passwords are not yet implemented. Lubomir Rintel diff -urp grub2.orig/util/update-grub.in grub2/util/update-grub.in --- grub2.orig/util/update-grub.in 2008-08-07 21:58:17.000000000 +0200 +++ grub2/util/update-grub.in 2008-08-07 22:01:44.000000000 +0200 @@ -170,7 +170,7 @@ exec > ${grub_cfg}.new # Allow this to fail, since /boot/grub/ might need to be fatfs to support some # firmware implementations (e.g. OFW or EFI). -chmod 444 ${grub_cfg}.new || true +chmod 600 ${grub_cfg}.new || true echo "Updating ${grub_cfg} ..." >&2