How to password protect grub2 boot in Debian 7.3? [SOLVED]

Kernels & Hardware, configuring network, installing services

How to password protect grub2 boot in Debian 7.3? [SOLVED]

Postby sybok » 2014-01-09 00:15

Hi, Debian 7.3 is my first Debian and i am not a professional in linux, only have used desktop ubuntus in the last few years.
I'm studying linux more seriously now, i installed several linuxes including Debian 7.3, which was the last to be installed and installed grub.

I tried to password protect grub like this:

I did encrypted password with the command: # grub-mkpasswd-pbkdf2
Then I edited grub file: # nano /etc/default/grub
Then I added the following commands on the file:

setsuperusers="username"
password_pbkdf2 username password

Then I tried updating grub: # update-grub

But it did not work, i received the following error message:
/usr/sbin/grub-mkconfig: 13: /etc/default/grub password_pbkdf2 not found

So I treid to do exactly the same thing, but editing the file /etc/grub.d/00_header
Unfortunately I got an error message similar: /etc/grub.d/00_header :274 /etc/grub.d/00_header password_pbkdf2 not found

Finally, i put these commands in /boot/grub/grub.cfg file, only then it worked, but as far as i know, we should not manually edit this file, and such changes will be lost the next time I update grub.

What is the correct file, or the correct commands, to password protect grub boot in Debian 7.3?

Thanks for any help, and sorry for my bad english.
Last edited by sybok on 2014-01-11 07:02, edited 1 time in total.
sybok
 
Posts: 2
Joined: 2014-01-08 22:11

Re: How to password protect grub2 boot in Debian 7.3?

Postby sybok » 2014-01-11 02:44

sybok wrote:What is the correct file, or the correct commands, to password protect grub boot in Debian 7.3?
.

Debian 7.3 uses grub2, i've updated the title of the topic to make it easy to find this information.

I found the solution here: https://help.ubuntu.com/community/Grub2/Passwords
Also as a full tutorial on grub2 here: http://www.gnu.org/software/grub/grub-d ... ation.html

The correct file to edit is: /etc/grub.d/40_custom
Basically these are the correct steps:

1 - Type the command: grub-mkpasswd-pbkdf2
2 - Enter the desired password

It will generate a long password encrypted like this: grub.pbkdf2.sha512.10000.FC58373BCA15A797C418C1EA7FFB007BF5A5

3 - Copy the complete generated code.
4 - Edit the file: /etc/grub.d/40_custom
5 - At the end of the file add the following commands:

setsuperusers="username"
password_pbkdf2 username password


Obviously you should replace the words "username" with your desired user name, and the word password for the encrypted password generated in the previous step.
For example, if your desired username is John, and the password is grub.pbkdf2.sha512.10000.FC58373BCA15A797C418C1EA7FFB007BF5A5 your full code will look like this:

set superusers="John"
password_pbkdf2 John grub.pbkdf2.sha512.10000.FC58373BCA15A797C418C1EA7FFB007BF5A5

6 - Save the file and exit.
7 - Finally, type the command: update-grub

That's all, your grub2 is protected.

Remember that the correct file to edit is 40_custom simply because other files such as grub.cfg or even 00_header are updated automatically by the system in certain circumstances, and it would make you lose those changes.

I Hope this helps anyone with the same problem.
Last edited by sybok on 2014-01-11 20:14, edited 2 times in total.
sybok
 
Posts: 2
Joined: 2014-01-08 22:11

Re: How to password protect grub2 boot in Debian 7.3?

Postby dasein » 2014-01-11 03:42

sybok wrote:...i've updated the title of the topic to make it easy to find this information.

That's genuinely thoughtful of you. You'll make it even easier for folks to find if you edit the topic once more and add the word [SOLVED].

Thanks for posting back the solution you found.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

How best to password protect only certain boot options?

Postby Logomachist » 2014-05-09 01:11

I'm curious, what if you only want to password protect certain boot options? The Grub2/Passwords Ubuntu documentation suggests adding --users '' to the printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}" lines in /etc/grub.d/10_linux but will this file be overwritten during automatic system updates?
Logomachist
 
Posts: 1
Joined: 2014-05-09 00:39

Re: How to password protect grub2 boot in Debian 7.3? [SOLVE

Postby Digger1 » 2014-12-30 04:49

I would like to add something that may be of help here.

I was not having any luck setting up a GRUB2 password for GRUB versions 1.98 and 1.99. The solution was found here.

I merely added the following line after the password line in the 40_custom file:

Code: Select all
export superusers


Worked for me!

IHTHS!
Squeeze on two machines, Wheezy on the other...
http://www.astronautbiker.com
User avatar
Digger1
 
Posts: 153
Joined: 2011-01-08 21:03
Location: Colorado Springs, CO

Re: How to password protect grub2 boot in Debian 7.3? [SOLVE

Postby orgads » 2020-03-26 07:05

Hi,

I used this tutorial: https://selivan.github.io/2017/12/21/gr ... tries.html

Notice that the
Code: Select all
cat << EOF
is part of the file
orgads
 
Posts: 8
Joined: 2008-09-04 13:22


Return to System configuration

Who is online

Users browsing this forum: mattia and 17 guests

fashionable