[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password protecting grub

> But, be advised that once you do this, all the menu entries in grub will be
> inaccessible until the password is supplied.
> It would be nice to have a way of requiring a password only if it required
> to boot a non-default entry.

That's what
      menuentry "May be run by any user" --unrestricted {
is for. The documentation example runs thus:

Yes, I had read through that. But that would mean editing /boot/grub/grub.cfg manually and losing the changes every time grub-update is run. What I could not figure out was to having the --unrestricted be appended automatically for the default entry (In my case, GRUB_DEFAULT=0 which boots the default kernel) every time grub-update was run.

An alternate and equally acceptable solution for me would be to require a password only to a access the grub console or to edit the menu entries interactively during boot. I had such a setup back when grub-legacy was the default in debian but could not achieve the same results with grub2.

Reply to: