“main” (Installation and Administration) 2004/6/25 13:29 page 214 #240
8.4.4 The GRUB Shell
GRUB actually consists of two parts: the boot loader and a normal Linux
program (/usr/sbin/grub). This program is referred to as the GRUB
shell. The functionality to install the boot loader on a hard disk or floppy
disk is integrated into the GRUB shell through the internal commands
install and setup — these commands can be executed using the GRUB
shell on a running Linux system. However, these commands are also
available while the system is booting with GRUB, before Linux is even
running. This makes the repair of a defective system much easier.
8.4.5 Setting a Boot Password
Because GRUB is able to access file systems when booting, it could also be
used to read files that would not be accessible under normal circumstances
— on a running system, users would need root permissions to read them.
To put a stop to this, set a boot password. Such a password can be used
to prevent unauthorized access to file systems at boot time and to prevent
users from booting certain installed systems.
To create a boot password, log in as root and proceed as follows:
1. At the root prompt, enter grub.
2. In the GRUB shell, encrypt the password:
grub> md5crypt
Password: ****
Encrypted: $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
3. Paste the encrypted string into the global section of the file
menu.lst:
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
From now on, executing GRUB commands from the boot prompt is
impossible without knowing the password. Permission to do so is
only granted after pressing P and entering the password. However,
users can still boot all operating systems without any restriction.
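
An added example, not part of the original manual: a small Python check that the password line from step 3 really sits in the global section of menu.lst (before the first title entry) and carries an md5crypt string rather than a clear-text password. The function name, the finding codes and the title/kernel lines in the sample are assumptions made for illustration.

```python
import re

# Shape of md5crypt output: $1$<salt, 1-8 chars>$<22-char digest>
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample: the global section from step 3 plus one made-up entry.
SAMPLE = """\
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
title linux
    kernel (hd0,4)/vmlinuz
"""


def audit_menu_lst(text):
    """Return (line_number, code) findings for the global section of menu.lst.

    An empty list means a well-formed 'password --md5 <hash>' line precedes
    the first 'title'. Line number 0 marks a file-level finding.
    """
    findings, has_password = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "title":
            break  # the global section ends at the first boot entry
        if tokens[0] != "password":
            continue
        if len(tokens) < 2:
            findings.append((lineno, "missing-value"))
        elif tokens[1] != "--md5":
            has_password = True  # works, but the secret sits in the file
            findings.append((lineno, "cleartext"))
        elif len(tokens) < 3 or not MD5_CRYPT.match(tokens[2]):
            findings.append((lineno, "bad-hash"))
        else:
            has_password = True
    if not has_password:
        findings.append((0, "no-global-password"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_menu_lst(SAMPLE) or [(0, "ok")]:
        print(lineno, code)
```

A password line pasted below a title entry is reported as no-global-password, because the check stops reading at the first title.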
214 8.4. Booting with GRUB