Re: Mounting EFI partition: default to `uid=0,gid=0`

To: Danny van Heumen <danny@dannyvanheumen.nl>, Steve McIntyre <steve@einval.com>, debian-boot@lists.debian.org
Subject: Re: Mounting EFI partition: default to `uid=0,gid=0`
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Tue, 21 Nov 2023 22:12:31 +0100
Message-id: <[🔎] bc5af955-0900-4a4c-96be-554e1743deab@plouf.fr.eu.org>
In-reply-to: <[🔎] BK-ZudvX453yMjO0kHy84134iGeI25aGA9gGZWlYpr0tSlf5nMPzxkNaCGM-l9rWfA672OJi4HWX8ejHWhmxNVb9z1qQqGwfF3n4WpanUCw=@dannyvanheumen.nl>
References: <[🔎] QxwVxam_SZKxS-RI2A0KBtWoR8cXz4HD7YMiLHamhwLV9zVR0X9fgOkFcEyTAFLfyg9rMYKLqPHapzc6O4iJduosNNLnOLDODyhMCUHxSGs=@dannyvanheumen.nl> <[🔎] fec9a69d-850d-46df-8fe4-6ed6d081f9d1@plouf.fr.eu.org> <[🔎] KQ8fZxR6mI65VgzELlalRH9ZLW5ESYm3zXNBumczil89ia3xkzEOosuHoyW893eP7rRFIPnr09r4VYM-IAZbXx3dzHy6KlX3lNC-YsdkVCk=@dannyvanheumen.nl> <[🔎] zRcjN266gH1yCNQ80Z-lAT2uS-Fg-tg471WwHvCXV6tVopEEdYr7F31gj0W5lVj7eRBbSq_Z80_ohnTGBr1hMcRs3kKkQZmBl5Uc1sHYRjs=@dannyvanheumen.nl> <[🔎] 20231121155952.GZ2875529@tack.einval.com> <[🔎] CQosUVlRVPsdz75KYrX57xN963vAFdyIdH-19foMZe7QL4_8CWVrStwIDgGsLvgC3hAjTMmCz5VQHgtbkxaaaA4UCViiVboH9ClRavRJwRE=@dannyvanheumen.nl> <[🔎] 20231121195603.GW7626@tack.einval.com> <[🔎] BK-ZudvX453yMjO0kHy84134iGeI25aGA9gGZWlYpr0tSlf5nMPzxkNaCGM-l9rWfA672OJi4HWX8ejHWhmxNVb9z1qQqGwfF3n4WpanUCw=@dannyvanheumen.nl>

On 21/11/2023 at 21:35, Danny van Heumen wrote:


I noticed that the mount-configuration in `/etc/fstab`, by default, relies on an *implicit* assumption for the ownership of the ESP to /boot/efi, i.e.  'root' (uid 0) only because it is executed as part of the boot process.

There is no implicit assumption. The default mount options set up by theinstaller command that the ESP is automatically mounted at startup,resulting in root ownership. There is no need to add uid and gid mountoptions.

I agree with Steve: if *you* choose to change the default mount optionswith "noauto,users", *you* should deal with the consequences and addother mount options if needed.

But I believe that your use case is wrong anyway: upgrading packagesrequires root privileges so mounting the ESP as a normal user should notbe needed. Instead you may use dpkg's pre-invoke and post-invoke optionsor apt's Pre-Invoke and Post-Invoke options to mount and unmount theESP, like what can be done to remount /usr read-write during packageupgrades on systems where it is mounted read-only by default.

Reply to:

Follow-Ups:
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: yxcv@vienna.at

References:
- Mounting EFI partition: default to `uid=0,gid=0`
  - From: Danny van Heumen <danny@dannyvanheumen.nl>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Danny van Heumen <danny@dannyvanheumen.nl>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Danny van Heumen <danny@dannyvanheumen.nl>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Steve McIntyre <steve@einval.com>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Danny van Heumen <danny@dannyvanheumen.nl>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Steve McIntyre <steve@einval.com>
- Re: Mounting EFI partition: default to `uid=0,gid=0`
  - From: Danny van Heumen <danny@dannyvanheumen.nl>

Prev by Date: Re: Mounting EFI partition: default to `uid=0,gid=0`
Next by Date: Re: Mounting EFI partition: default to `uid=0,gid=0`
Previous by thread: Re: Mounting EFI partition: default to `uid=0,gid=0`
Next by thread: Re: Mounting EFI partition: default to `uid=0,gid=0`
Index(es):
- Date
- Thread