Re: Password protecting grub

To: Debian-user <debian-user@lists.debian.org>
Subject: Re: Password protecting grub
From: Raj Kiran Grandhi <grajkiran@gmail.com>
Date: Fri, 18 Mar 2016 18:59:39 +0530
Message-id: <[🔎] CAFQnEuACddVTPHviegS+i+OzOktS_QG+EXnUpqMEiQKHr0A8Cw@mail.gmail.com>
In-reply-to: <[🔎] 20160317164004.GA9830@alum>
References: <[🔎] CANy4JSiQEJFHAm39OdmRYdKr62nn_h84sbBr6iY3x0FnCph7Hg@mail.gmail.com> <[🔎] 20160316142508.GA7991@alum> <[🔎] CANy4JSiAzy1GqmXWa5DGetSwsAkqEG3BKQy8iYXv-cb+TP1rdA@mail.gmail.com> <[🔎] 56E98EFE.6000907@dodin.org> <CANy4JShKRG0Tgkvb7f5a_SZrtrNdefYS-tk0UHTsH=8CjYEq+g@mail.gmail.com> <56E9931B.9000207@dodin.org> <CANy4JSiJWhc-xWKYGKpbmdabRQVYQ1gG9Sv6E9BnQxDDJANawA@mail.gmail.com> <56E999A6.2030803@dodin.org> <[🔎] CANy4JShZyi=cQRnOzbWy6RGDAqfOQ29aJaHZtja_9JT-xEkspQ@mail.gmail.com> <[🔎] CAFQnEuDeU8a-4DwMbVGOrZL0JNNu=HCKY2+XDPaH4EzBTVc7Eg@mail.gmail.com> <[🔎] 20160317164004.GA9830@alum>

> But, be advised that once you do this, all the menu entries in grub will be
> inaccessible until the password is supplied.
> It would be nice to have a way of requiring a password only if it required
> to boot a non-default entry.

That's what
menuentry "May be run by any user" --unrestricted {
is for. The documentation example runs thus:

Yes, I had read through that. But that would mean editing /boot/grub/grub.cfg manually and losing the changes every time grub-update is run. What I could not figure out was to having the --unrestricted be appended automatically for the default entry (In my case, GRUB_DEFAULT=0 which boots the default kernel) every time grub-update was run.

An alternate and equally acceptable solution for me would be to require a password only to a access the grub console or to edit the menu entries interactively during boot. I had such a setup back when grub-legacy was the default in debian but could not achieve the same results with grub2.

Reply to:

Follow-Ups:
- Re: Password protecting grub
  - From: David Wright <deblis@lionunicorn.co.uk>

References:
- Password protecting grub
  - From: Himanshu Shekhar <irm2015006@iiita.ac.in>
- Re: Password protecting grub
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: Password protecting grub
  - From: Himanshu Shekhar <irm2015006@iiita.ac.in>
- Re: Password protecting grub
  - From: jdd <jdd@dodin.org>
- Re: Password protecting grub
  - From: Himanshu Shekhar <irm2015006@iiita.ac.in>
- Re: Password protecting grub
  - From: Raj Kiran Grandhi <grajkiran@gmail.com>
- Re: Password protecting grub
  - From: David Wright <deblis@lionunicorn.co.uk>

Prev by Date: Re: Does anyone know how to configure a Brother MFC-J5720DW with cups?
Next by Date: Re: Does anyone know how to configure a Brother MFC-J5720DW with cups?
Previous by thread: Re: Password protecting grub
Next by thread: Re: Password protecting grub
Index(es):
- Date
- Thread