How to setup Boot Password (Grub)

Even before the operating system is booted, GRUB enables access to file systems. Users without root permissions can access files in your Linux system to which they have no access once the system is booted. To block this kind of access or prevent users from booting certain operating systems, set a boot password.
As the user root, proceed as follows to set a boot password:

At the root prompt, encrypt the password using grub-md5-crypt:

# grub-md5-crypt
Password: ****
Retype password: ****
Encrypted: $1$lS2dv/$JOcHkLosIn7CJk9xShzzJVw/

Paste the encrypted string into the global section of the file menu.lst:

gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password –md5 $1$lS2dv/$JOcHkLosIn7CJk9xShzzJVw/

Now GRUB commands can only be executed at the boot prompt after pressing P and entering the password. However, users can still boot all operating systems from the boot menu.

To prevent one or several operating systems from being booted from the boot menu, add the entry lock to every section in menu.lst that should not be bootable without entering a password. For example:

title linux
kernel (hd0,4)/vmlinuz root=/dev/sda7 vga=791
initrd (hd0,4)/initrd

After rebooting the system and selecting the Linux entry from the boot menu, the following error message is displayed:

Error 32: Must be authenticated

Press Enter to enter the menu. Then press P to get a password prompt. After entering the password and pressing Enter, the selected operating system (Linux in this case) should boot.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s