I think james is either understating or overstating the utility of grub passwords for some entries. A well behaved operating system will not allow ordinary users mess with either the boot or other operating systems. examples that would be not fall into that category would include dos (no security at all), live os images (either no root password or a widely published root password) or a operating system that requires all users to be administrators. it would indeed be worthwhile to restrict access to such operating systems. On the other hand anyone with physical access to the hardware can bypass grub passwords before grub is booted.
On Tue, Aug 4, 2015 at 1:24 PM, James Lott <[email protected]> wrote: > I think the "correct" solution for something like this would be disk > encryption on the partitions/disks containing the OS you want to protect. > Otherwise, someone who has access to boot into the unprotected OS (or some > other protected OS) could still access the protected OS; all they would > need is the proper filesystem drivers. > > > On 08/04/2015 10:55 AM, Andrei Borzenkov wrote: > >> В Tue, 04 Aug 2015 04:31:40 +0000 >> Seth Johnson <[email protected]> пишет: >> >> Someone was asking me if they could password protect specific OS entries, >>> I.e. a password would be required to boot that OS. I did a bunch of >>> Googling but everything I found mentioned editing 10_Linux and the like >>> inside /etc/grub.d/, however the files were completely different from any >>> of the examples or articles I could find. >>> >>> I realize I could probably edit grub.cfg but that would get overwritten >>> every kernel update. My friend is running Ubuntu 14.04 if it matters. >>> >>> Is this still possible? >>> >> Standard grub-mkconfig scripts shipped with upstream grub do not have >> support for it. Nor do I see easy way to add this support (how to >> identify "specific OS entries"?) So if you need this your best bet is >> to maintain grub.cfg manually. >> >> >> _______________________________________________ >> Help-grub mailing list >> [email protected] >> https://lists.gnu.org/mailman/listinfo/help-grub >> > > > _______________________________________________ > Help-grub mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/help-grub > -- -- Ben Hildred Automation Support Services 303 815 6721
_______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
