On Thu, Aug 17, 2017 at 12:09:37AM +0200, jumpy@tutanota.com wrote:
from debian wiki : edit /boot/grub/menu.lst and add the following two lines at the top. This prevents users from editing the boot items. timeout 5 specifies a 5 second delay before grub boots the default item. timeout 5 color cyan/blue white/blue password --md5 $1$A9NHZ/$N.6k9riAFMbV/nfsZ2LnD1 does this old (obsolete & unsecure) doc work ? could it be an alternative creating a menu.lst cheating a bit ? i like the color line & the simplicity. Updated how-to : Set Grub2 boot password on Debian based system (June 9, 2017) ([1]https://linoxide.com/linux-how-to/set-grub-password)
Rather than consulting "obsolete & unsecure" documentation you've found on the internet, why not just look at the manual[1] written by the program's authors?
[1] https://www.gnu.org/software/grub/manual/grub.html#Security
if i install both ; does it lock, unlock, act as a backdoor, make the system unbootable erasing/removing the boot process ? and if i install 2 password for the same user , does it work ?
Grub2 won't do anything with menu.lst, unless you explicitly tell it to do so with 'legacy_configfile'.
The manual doesn't defined what happens if two passwords are defined for the same user, so any of the above options is possible.
it is just a question about how secure could be a grub password (e.g) if a hack (old how-to) is still allowed ... (i suppose all vulnerabilities are patched yet).
How is an "outdated & unsecure" howto which defines how to set a password "a hack"? Again, setting a password was documented in the manual[2] for grub legacy, so following documented procedures is not really a "hack".
[2] https://www.gnu.org/software/grub/manual/legacy/grub.html#Security
# does a grub2 password secure (unhackable ?) really the o.s ? # should you recommend it as a safe measure ? -- Securely sent with Tutanota. References Visible links 1. https://linoxide.com/linux-how-to/set-grub-password/
-- For more information, please reread.
Attachment:
signature.asc
Description: PGP signature