Fedora Linux Support Community & Resources Center
  #1  
Old 18th December 2012, 01:39 AM
MHashemi Offline
Registered User
 
Join Date: Dec 2012
Location: Iran
Posts: 7
windows_7firefox
password protect for grub2

hi!
i want set password in grub2.
1- i create hash of my password :
Code:
grub2-mkpasswd-pbkdf2
2- i add these code to end of /etc/grub.d/40_custom file :
Code:
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.20F6422.....
3- run this code for apply config :
Code:
grub2-mkconfig -o /boot/grub2/grub.cfg
but when i reboot system, grub do not ask username and password.
how i can create password protect for grub2?
---
i use fedora 17
Reply With Quote
  #2  
Old 18th December 2012, 11:13 AM
marriedto51 Offline
Registered User
 
Join Date: Jul 2009
Location: England, UK
Posts: 910
linuxfirefox
Re: password protect for grub2

The way you've set it up, grub will ask for a password if you try to edit any of the boot entries, or to enter the grub shell. But you can still boot any of the entries listed without needing a password.

To require the password before booting a specific entry, you need to edit the /boot/grub2/grub.cfg file, find the relevant "menuentry" line, and add a "--users" option. You can look at the grub manual for some examples: http://www.gnu.org/software/grub/man....html#Security.

Note that (annoyingly) grub2-mkconfig sets the permissions on /boot/grub2/grub.cfg to read-only (even for root), so you'll need to do something like
Code:
su -c 'chmod 600 /boot/grub2/grub.cfg'
su -c 'vi /boot/grub2/grub.cfg'
to edit the file.

I don't know that it is possible to require a password before showing the grub menu.
Reply With Quote
  #3  
Old 18th December 2012, 04:46 PM
MHashemi Offline
Registered User
 
Join Date: Dec 2012
Location: Iran
Posts: 7
linuxfirefox
Re: password protect for grub2

Quote:
Originally Posted by marriedto51 View Post
The way you've set it up, grub will ask for a password if you try to edit any of the boot entries, or to enter the grub shell. But you can still boot any of the entries listed without needing a password.

To require the password before booting a specific entry, you need to edit the /boot/grub2/grub.cfg file, find the relevant "menuentry" line, and add a "--users" option. You can look at the grub manual for some examples: http://www.gnu.org/software/grub/man....html#Security.

Note that (annoyingly) grub2-mkconfig sets the permissions on /boot/grub2/grub.cfg to read-only (even for root), so you'll need to do something like
Code:
su -c 'chmod 600 /boot/grub2/grub.cfg'
su -c 'vi /boot/grub2/grub.cfg'
to edit the file.

I don't know that it is possible to require a password before showing the grub menu.
thanks for your answer
The way i set it up do not work even when i edit menuentry and press F10.
and without ask username and password login.
and i test another way :
Code:
https://fedoraproject.org/wiki/GRUB_2?rd=Grub2#Setting_a_password_for_interactive_edit_mode
but don not work.
----
and the wat that you say:
i do not know that where save this code? :
Code:
set superusers="root"
password_pbkdf2 root GRUBPASSWORDHASH
in /etc/grub.d/01_users file or in /etc/grub.d/00_header file or /etc/grub.d/40_custom file or /boot/grub2/grub.cfg??
----
in this link :
Code:
http://www.gnu.org/software/grub/manual/grub.html#Security
i do not know what do this option? :
Code:
password user1 insecure
and whats mean user1?
Reply With Quote
  #4  
Old 20th December 2012, 09:18 AM
marriedto51 Offline
Registered User
 
Join Date: Jul 2009
Location: England, UK
Posts: 910
linuxfirefox
Re: password protect for grub2

If you just want password protection when you press F10 or try to enter the grub shell, then I think the following should work. (It is what I have done.)
  1. Run grub2-mkpasswd-pbkdf2 as you did before. This should produce some output like
    Code:
    Enter password: 
    Reenter password: 
    Your PBKDF2 is grub.pbkdf2.sha512.10000.3CCFD3...
  2. Edit the file /etc/grub.d/01_users (as root) to make it look like
    Code:
    #!/bin/sh -e
    
    cat << EOF
    set superusers="root"
    password_pbkdf2 root grub.pbkdf2.sha512.10000.3CCFD3...
    where you replace what comes after "password_pbkfd2 root" with what grub2-mkpasswd-pbkfd2 produced ("Your PBKDF2 is ...").
  3. Re-build the grub config file with
    Code:
    su -c 'grub2-mkconfig -o /boot/grub2/grub.cfg'
  4. Re-boot to test.

The option with user1 in the documentation is just an example of a clear-text (insecure) password, so you can ignore that.

You should not need to edit /boot/grub2/grub.cfg directly unless you want to add password protection to certain boot entries (for example, a recovery boot entry).

Hope that helps.
Reply With Quote
  #5  
Old 20th December 2012, 02:43 PM
MHashemi Offline
Registered User
 
Join Date: Dec 2012
Location: Iran
Posts: 7
windows_7firefox
Re: password protect for grub2

hi!
than you.
worked.
i write these command in 01_users :
Code:
set superusers="root"
password_pbkdf2 root GRUBPASSWORDHASH
when i run mkconfig error that "command not found: mkconfig in line 2"
but i must write these command :
Code:
cat << EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.3CCFD3...
and now worked.
thanks.
Reply With Quote
Reply

Tags
grub2, password, protect

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Trying to Password Protect a directory huntersj78 Security and Privacy 8 1st April 2010 03:20 PM
Grub password protect other OS soupisgood84 Fedora Focus 3 29th January 2009 10:09 PM
creative zen password protect help Wiles Using Fedora 0 17th June 2008 01:01 AM
Password Protect ZIP archive TypeSH Using Fedora 3 31st March 2008 09:23 PM


Current GMT-time: 22:11 (Sunday, 21-09-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat