Ubuntu
grub package

boot grub menu.lst permissions

Asked by pawpaw mike

Odd, no matter how I try to edit or change the grub/menu.lst I find that I do not have permission to change this file. The idea here is to protect my system by password protecting the grub loader. Any ideas would be great help. PawPaw Mike.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu grub Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Andre Mangan (kyphi) said : 		#1

sudo nano /boot/grub/menu.lst

use the up/down arrows to scroll.

or use gedit instead of nano.

Revision history for this message
pawpaw mike (mj2guest1) said : 		#2

Wonderful results. However, not the results I needed. I was able to password the GRUB from changes being made, but, what I would like to do is this, if it can be done with UBUNTU. When the GRUB screen appears one must first have a password before an OS is selected. The reasoning is this. If an OS can be selected and started then there is access to the machine. However, if an OS can not be selected without a password, then here is one more level of security. Again, any ideas are welcome. Thank you for your help, PawPaw Mike

Revision history for this message
Andre Mangan (kyphi) said : 		#3

Your first question was answered - this is another question!

Do you want to stop other users from accessing the GRUB command shell or do you want to stop other users from accessing some of the GRUB entries?

You must generate a hashed password:
1. sudo grub-md5-crypt
2. password:
3. Retype password:
then paste the encrypted password into menu.lst in the global configuration part before the boot stanzas:
password --md5 <generated hashed password>

On booting, when the GRUB menu appears, tap on p to enter your password.

A rescue disc will let you into menu.lst if you forget your password.

Revision history for this message
pawpaw mike (mj2guest1) said : 		#4

You are correct, I suppose this was another question. Rather, I may not have asked the right question to start with. I want to stop others from accessing the GRUB as one level and preventing changes as second. Thank you for your very good info and your time, PawPaw Mike

Revision history for this message
Andre Mangan (kyphi) said : 		#5

The outline I posted above, creates a password for GRUB to stop anyone (unless ...) from going further.
You can also "lock" individual GRUB menu entries, again you need to create a password first. That is OK if you have a few operating systems loaded but pointless if there is only one.
The password does not need to be encrypted but then you need to change file permissions to root only.

Other options: 1. You can create a number of user accounts which you as the administrator can assign privileges to.
                         2. Set a password in the BIOS to stop the system from booting as far as GRUB.

Can you help with this problem?

Provide an answer of your own, or ask pawpaw mike for more information if necessary.

To post a message you must log in.