help-grub
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can I password protect individual operating system entries?

From: Ben Hildred
Subject: Re: Can I password protect individual operating system entries?
Date: Tue, 4 Aug 2015 13:48:13 -0600
I think james is either understating or overstating the utility of grub passwords for some entries. A well behaved operating system will not allow ordinary users  mess with either the boot or other operating systems. examples that would be not fall into that category would include dos (no security at all), live os images (either no root password or a widely published root password) or a operating system that requires all users to be administrators. it would indeed be worthwhile to restrict access to such operating systems. On the other hand anyone with physical access to the hardware can bypass grub passwords before grub is booted.

On Tue, Aug 4, 2015 at 1:24 PM, James Lott <address@hidden> wrote:
I think the "correct" solution for something like this would be disk encryption on the partitions/disks containing the OS you want to protect. Otherwise, someone who has access to boot into the unprotected OS (or some other protected OS) could still access the protected OS; all they would need is the proper filesystem drivers.


On 08/04/2015 10:55 AM, Andrei Borzenkov wrote:
В Tue, 04 Aug 2015 04:31:40 +0000
Seth Johnson <address@hidden> пишет:

Someone was asking me if they could password protect specific OS entries,
I.e. a password would be required to boot that OS. I did a bunch of
Googling but everything I found mentioned editing 10_Linux and the like
inside /etc/grub.d/, however the files were completely different from any
of the examples or articles I could find.

I realize I could probably edit grub.cfg but that would get overwritten
every kernel update. My friend is running Ubuntu 14.04 if it matters.

Is this still possible?
Standard grub-mkconfig scripts shipped with upstream grub do not have
support for it. Nor do I see easy way to add this support (how to
identify "specific OS entries"?) So if you need this your best bet is
to maintain grub.cfg manually.


_______________________________________________
Help-grub mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/help-grub


_______________________________________________
Help-grub mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/help-grub



--
--
Ben Hildred
Automation Support Services
303 815 6721
reply via email to
[Prev in Thread] Current Thread [Next in Thread]