URL: <http://savannah.gnu.org/bugs/?39351>
Summary: Password Protected Grub Menu Entries Project: GNU GRUB Submitted by: bmartin4 Submitted on: Thu 27 Jun 2013 04:10:50 PM GMT Category: Security Severity: Major Priority: 5 - Normal Item Group: Feature Request Status: None Privacy: Public Assigned to: None Originator Name: Bobby Martin Originator Email: bobby.mar...@mail.wvu.edu Open/Closed: Open Discussion Lock: Any Release: Release: other Reproducibility: Every Time Planned Release: None _______________________________________________________ Details: Background and Attempts: I am in charge of securing multiple labs that all run Ubuntu 12.04. As part of securing them, the ability to edit menu entries were password protected and the recovery menu entries were removed. However, users could still reboot their system and the default entry would boot without a prompt for a username and password. We are wanting to upgrade all of the computers to Ubuntu 13.04, however this configuration of grub no longer seems possible. According to https://help.ubuntu.com/community/Grub2/Passwords : "To protect one or more menu items: Each menuentry to be protected must include information on its title line as to which users should be granted access. In Ubuntu Precise or earlier, if no user(s) are designated for a specific menuentry, access to that entry will be given to all users. In Ubuntu Quantal or later, if no user(s) are designated for a specific menuentry, access to that entry will be limited to the superuser." I have made various attempts to configure grub in a way that allows me to get this old functionality back, however it does not seem to be possible in this new version of grub. I have only been able to configure it in a way that forces me to set a user and password, which is not an acceptable solution since these labs are used by a large number of people and distributing a generic account is not something we are willing to do, since the functionality we need was at one time possible. Observed Actions: Grub will not boot the standard entry without a username and prompt being specified. To edit the entry the superuser name and password must be specified. Expected Results: Grub will boot the standard entry without a username and prompt. To edit the entry the superuser name and password must be specified. Is there anyway that the old functionality of grub be implemented in this newer version of grub? The version of grub-pc in use in Ubuntu Raring is 2.00-13Ubuntu3 The version of grub-pc in use in Ubuntu Precise is 1.99-21Ubuntu3.9 _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?39351> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ _______________________________________________ Bug-grub mailing list Bug-grub@gnu.org https://lists.gnu.org/mailman/listinfo/bug-grub