Home / server / Questions / 753555
Accepted
a coder
Asked: 2016-02-03 12:08:53 +0800 CST

Bootloader password - existing content found in /etc/grub.d/01_users

  • 772

I need to set a bootloader password and am apprehensive about changing the existing config (per warning about potentially making a system unbootable).

RH documentation says to add the following lines:

cat <<EOF
set superusers="john"
password john johnspassword
EOF

The current /etc/grub.d/01_users file already has this at the top:

#!/bin/sh -e
cat << EOF
if [ -f \${prefix}/user.cfg ]; then
  source \${prefix}/user.cfg
  if [ -n "\${GRUB2_PASSWORD}" ]; then
    set superusers="root"
    export superusers
    password_pbkdf2 root \${GRUB2_PASSWORD}
  fi
fi
EOF

Should I append the first part below the existing EOF, replace the existing content altogether, or something else?

password

1 Answers

  1. Best Answer

    Install grub2-tools, you will find /usr/sbin/grub2-setpassword in there. That is what the current contents are made for.

    Running the grub2-setpassword binary will generate /boot/grub2/user.cfg containing:

    GRUB2_PASSWORD=grub.pbkdf2.sha512.***

    You can do this manually, just cat /usr/sbin/grub2-setpassword and see what actions to take. Basically run /usr/bin/grub2-mkpasswd-pbkdf2 and enter the content in the named user.cfg file.

    • 1