Password protected GRUB in Ubuntu

Ubuntu installs GNU GRUB as its default boot loader, which allows for great flexibility and recovery options. For example, when you install additional kernel images, these are automatically added as available boot options in the grub menu. Also, by default, alternate boot options are available for each kernel entry that may be used for system recovery.

To add a password for use with grub, first you must generate an md5 password hash using the grub-md5-crypt utility: grub-md5-crypt

The command will ask you to enter a password and offer a resulting hash value as shown below:

Password: (enter new password)
Retype password: (repeat password)
$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

Add the resulting hash value to the file /etc/grub/menu.lst in the following format:

password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

To require use of the password for entering single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example.

# lockalternative=true

2 comments:

March 10, 2009 at 2:48 AM
Anonymous said...: Thanks this makes me feel loads more at ease having the recovery option password protected in ubuntu!

Just a note to other Ubuntu users however, the directory for the grub menu.lst file is /boot/grub/menu.lst

Everything else is perfect!

Thanks!; July 16, 2010 at 7:15 AM
Anonymous said...: thanks a lot

Linux Blog

Password protected GRUB in Ubuntu

2 comments:

Post a Comment

Last 30 days Popular Posts

Blog Archive