Bug#477092: [PATCH] add support for setting a username + password in grub-installer for GRUB 2
tag 477092 + patch
thanks
Here's now a patch which adds support to set a username and password for
GRUB 2
The debconf templates probable need to be changed. I'm not that perfect
in writing them.
And I wasn't sure what to do if people enter a username but no password.
Now I just don't set anything if no password has been given just like
with grub-legacy.
--
Felix Zielcke
Proud Debian Maintainer
Index: debian/grub-installer.templates
===================================================================
--- debian/grub-installer.templates (revision 60631)
+++ debian/grub-installer.templates (working copy)
@@ -87,6 +87,32 @@ _Description: Device for boot loader ins
your third drive (SCSI here);
- "(fd0)" or "/dev/fd0" will install GRUB to a floppy.
+Template: grub-installer/superuser
+Type: string
+# :sl2:
+_Description: GRUB superuser:
+ The GRUB boot loader offers many powerful interactive features, which could
+ be used to compromise your system if unauthorized users have access to the
+ machine when it is starting up. To defend against this, you may choose a
+ username and password which will be required before editing menu entries or
+ entering the GRUB command-line interface. By default, any user will still be
+ able to start any menu entry without entering a username and password.
+ .
+ If you do not wish to set a GRUB username, leave this field blank.
+
+Template: grub-installer/grub2-password
+Type: password
+# :sl2:
+_Description: GRUB password:
+ Please enter the password you want to use for GRUB 2.
+
+Template: grub-installer/empty-password
+Type: error
+# :sl2:
+_Description: Empty password
+ You have given a username but no password. If you don't want authorization
+ please don't specify an username, else you have to give a password.
+
Template: grub-installer/password
Type: password
# :sl2:
Index: grub-installer
===================================================================
--- grub-installer (revision 60631)
+++ grub-installer (working copy)
@@ -750,6 +750,78 @@ if [ "$grub_version" = "grub" ] ; then
chmod o-r $ROOT/boot/grub/$menu_file
rm -f /tmp/menu.lst.password
fi
+else
+ # Set up a username and password if asked or preseeded.
+ superuser=
+ password=
+ db_get grub-installer/password-crypted
+ if [ "$RET" ] ; then
+ error "encrypted passwords are not yet supported with GRUB 2."
+ exit 1
+ else
+ PW_PRIO=low
+ db_input $PW_PRIO grub-installer/superuser || true
+ if ! db_go; then
+ # back up to menu
+ db_progress STOP
+ exit 10
+ fi
+ db_get grub-installer/superuser
+ if [ "$RET" ]; then
+ superuser="$RET"
+ while :; do
+ password=""
+
+ db_input $PW_PRIO grub-installer/grub2-password || true
+ if ! db_go; then
+ # back up to menu
+ db_progress STOP
+ exit 10
+ fi
+
+ db_get grub-installer/grub2-password
+ if [ "$RET" ]; then
+ password="$RET"
+ db_input $PW_PRIO grub-installer/password-again || true
+ if ! db_go; then
+ db_progress STOP
+ exit 10
+ fi
+
+ db_get grub-installer/password-again
+ if [ "$password" = "$RET" ]; then
+ break
+ else
+ db_input critical grub-installer/password-mismatch || true
+ if ! db_go; then
+ db_progress STOP
+ exit 10
+ fi
+ fi
+ else
+ # The user doesn't want a password
+ break
+ fi
+ # We only get here if passwords don't match
+ PW_PRIO=critical
+ db_set grub-installer/superuser ""
+ db_set grub-installer/password ""
+ db_set grub-installer/password-again ""
+ db_fset grub-installer/superuser seen false
+ db_fset grub-installer/password seen false
+ db_fset grub-installer/password-again seen false
+ done
+ fi
+ fi
+ if [ "$superuser" ] && [ "$password" ] ; then
+ cat > $ROOT/etc/grub.d/05_password << EOF
+#!/bin/sh
+exec tail -n +3 $0
+set superusers=$superuser
+password $superuser $password
+EOF
+ chmod o-r $ROOT/etc/grub.d/05_password
+ fi
fi
if [ "$grub_version" = grub ]; then
Reply to: