The vfat filesystem used by /boot/efi is the cause. Despite not having the concept of permissions itself, the vfat filesystem can be mounted under Linux with any set of permissions.
Unable change permission for /boot/efi/EFI/centos/grub.conf on CentOS 6 as shown below.
[root@centos6 centos]# ls -ltr total 248 -rwx------ 1 root root 247570 Jan 22 2011 grub.efi -rwx------ 1 root root 887 May 20 2014 grub.conf [root@centos6 centos]# pwd /boot/efi/EFI/centos [root@centos66 centos]# chmod 600 grub.conf [root@centos6 centos]# ls -ltr total 248 -rwx------ 1 root root 247570 Jan 22 2011 grub.efi -rwx------ 1 root root 887 May 20 2014 grub.conf
Unable to change permission for /boot/efi/EFI/centos/grub.cfg on CentOS 7 and 8 as shown below.
[root@centos8 ~]# cd /boot/efi/EFI/centos/ [root@centos8 centos]# ls -ltr total 4884 -rwx------. 1 root root 2285512 Feb 25 2021 grubx64.efi drwx------. 2 root root 4096 Feb 25 2021 fonts -rwx------. 1 root root 918944 Apr 7 2021 shimx64-redhat.efi -rwx------. 1 root root 924888 Apr 7 2021 shimx64.efi -rwx------. 1 root root 846856 Apr 7 2021 mmx64.efi -rwx------. 1 root root 182 Apr 7 2021 BOOTX64.CSV -rwx------. 1 root root 1024 Jan 26 11:33 grubenv -rwx------. 1 root root 6374 Jan 26 11:33 grub.cfg [root@centos8 centos]# pwd /boot/efi/EFI/centos [root@centos8 centos]# chmod 600 grub.cfg [root@centos8 centos]# ls -ltr total 4884 -rwx------. 1 root root 2285512 Feb 25 2021 grubx64.efi drwx------. 2 root root 4096 Feb 25 2021 fonts -rwx------. 1 root root 918944 Apr 7 2021 shimx64-redhat.efi -rwx------. 1 root root 924888 Apr 7 2021 shimx64.efi -rwx------. 1 root root 846856 Apr 7 2021 mmx64.efi -rwx------. 1 root root 182 Apr 7 2021 BOOTX64.CSV -rwx------. 1 root root 1024 Jan 26 11:33 grubenv -rwx------. 1 root root 6374 Jan 26 11:33 grub.cfg
