diff --git a/doc/source/developer-notes/V-38579.rst b/doc/source/developer-notes/V-38579.rst
new file mode 100644
index 00000000..ac733bcd
--- /dev/null
+++ b/doc/source/developer-notes/V-38579.rst
@@ -0,0 +1,2 @@
+Ubuntu 14.04 sets the ownership on ``/boot/grub/grub.cfg`` to root by default.
+The Ansible task will ensure that the secure default is maintained.
diff --git a/openstack-ansible-security/tasks/boot.yml b/openstack-ansible-security/tasks/boot.yml
index 6f289ac1..3a752ae6 100644
--- a/openstack-ansible-security/tasks/boot.yml
+++ b/openstack-ansible-security/tasks/boot.yml
@@ -13,6 +13,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: V-38579 - Bootloader configuration files must be owned by root
+ file:
+ path: /boot/grub/grub.cfg
+ owner: root
+ tags:
+ - boot
+ - cat2
+ - V-38579
+
 - name: V-38581 - Bootloader configuration files must be group-owned by root
 file:
 path: /boot/grub/grub.cfg
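Review bot: The new V-38579 task in boot.yml points the `file` module at `/boot/grub/grub.cfg` with no `state` and no existence check. As far as I know, the module's default state does not create a missing path and fails the task instead, so a host without that file (a container, or a system that keeps its GRUB configuration elsewhere) would stop the play before the remaining hardening tasks run. Whether this role is applied to such hosts is not visible from the diff, but a `stat` pre-check with a `when:` guard would make the task safe either way. The V-38581 task that follows touches the same path and its body continues outside the hunk, so it may need the same guard.

```yaml
- name: Check whether the GRUB configuration file exists
  stat:
    path: /boot/grub/grub.cfg
  register: grub_cfg_check

- name: V-38579 - Bootloader configuration files must be owned by root
  # … unchanged: file module arguments (path, owner) …
  when: grub_cfg_check.stat.exists
  # … unchanged: tags …
```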