how to password protect BURG?

Asked by seahorsepip on 2010-01-10

I now how to do it in grub, grub2 but how can i do it in BURG?
And come there a gtk aplication for it?(should be cool)

i hope that i get a answer...thamks

Question information

Language:
English Edit question
Status:
Solved
For:
burg Edit question
Assignee:
No assignee Edit question
Last query:
2010-01-10
Last reply:
2010-04-25
bean (bean123ch) said : #1

First, you need to set users and passwords in grub.cfg, for example:

set superusers=admin
# md5 password
password --md5 admin '$1$A1tpOB3$bTHEMeIVvBbQsLZIWmJp/.'
# plain text password
password user1 user1

The md5 password is generated using command grub-mkpasswd, for example, to get the encrypted string for admin, use:
grub-mkpasswd admin

You can also generate it with openssl, for example:
openssl passwd -1 -salt 1234567 admin

Then, add --users option to the menuentries you want to protect, like this:

menuentry "Boot Windows" --users user1 {
  ...
}

Only user1 and superusers (admin in this example) can boot this item.

Some system defined hot-keys, such as 'c', can only be used by superusers.

BTW, grub2 upstream has recently add support for pbkdf2 password. This will be merged into BURG soon.

bean (bean123ch) said : #2

I've added user land tool to configure password protection. Although the tools needs to be run in console mode, but it's much easier than hacking the configure file manually:

http://code.google.com/p/burg/wiki/Authentication

Eduardo Parra (soker) said : #3

How do I set a password only to the recovery mode?

bean (bean123ch) said : #4

Oh, interesting point. Currently GRUB_USERS doesn't distinguish between normal and rescue mode items, but it's quite easy to implement. I'd add it in the next version.

bean (bean123ch) said : #5

With 2010.04.25, you can password protect recovery items only, see the following wiki page for more information:

http://code.google.com/p/burg/wiki/Authentication

bean (bean123ch) said : #6

This feature has been implemented.

Eduardo Parra (soker) said : #7

Muchas gracias, voy a probarlo