More videos like this online at http://www.theurbanpenguin.com/
Password protecting the boot menu
As with the legacy GRUB it is possible to edit menu entries during the boot process. This may not always desirable so this, as before can be secured using passwords but additionally usernames are implemented along with the password which is new to GRUB2.
If we want to protect the complete menu during the boot process then we add a username and password to the menu rather than within a menu entry. We will start by adding the username and password to the 40_custom file in /etc/grub.d .
We add the lines:
set superusers="andrew" password andrew L1nux A superuser must be designated is passwords are to be used. This user can select all menu entries, edit any items in the GRUB 2 menu during the boot process, and access the GRUB 2 terminal. Other users can be added and gain access to elements they have been assigned. Of course, the password is stored in clear text, should this be something we do not wish to do we can encrypt passwords with grub-mkpasswd-pbkdf2
8 Comments