pyrox.dev
nixos/doc: suggest mounting the ESP on /boot with umask=077
This prevents world-readable access to /boot, which is a security issue
that systemd-boot warns about.
Fixes https://github.com/NixOS/nixpkgs/issues/279362.
+2
-2
nixos/doc/manual/installation/installing.chapter.md
+2
-2
nixos/doc/manual/installation/installing.chapter.md
···
376
376
377
377
```ShellSession
378
378
# mkdir -p /mnt/boot
379
-
# mount /dev/disk/by-label/boot /mnt/boot
379
+
# mount -o umask=077 /dev/disk/by-label/boot /mnt/boot
380
380
```
381
381
382
382
3. If your machine has a limited amount of memory, you may want to
···
572
572
# mkfs.fat -F 32 -n boot /dev/sda3 # (for UEFI systems only)
573
573
# mount /dev/disk/by-label/nixos /mnt
574
574
# mkdir -p /mnt/boot # (for UEFI systems only)
575
-
# mount /dev/disk/by-label/boot /mnt/boot # (for UEFI systems only)
575
+
# mount -o umask=077 /dev/disk/by-label/boot /mnt/boot # (for UEFI systems only)
576
576
# nixos-generate-config --root /mnt
577
577
# nano /mnt/etc/nixos/configuration.nix
578
578
# nixos-install