| View previous topic :: View next topic |
| Author |
Message |
li1_getoo
l33t
Joined: 20 Oct 2002
Posts: 661
Location: Queens , NY
|
 Posted: Fri Jan 17, 2003 10:13 am Post subject: passwd for /GRUB |
 |
|
| Code: | cat /boot/grub/menu.lst
default 0
timeout 10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
password changeme xxxxx
title=Gentoo
root (hd0,0)
kernel /boot/bzImage root=/dev/hda5
|
I did that and nothin happend , i mean booted the same way without asking me for a passwd , can anyboy tell me how to do this the right way 
i did find some info here but is not enough
http://www.gentoo.org/doc/en/gentoo-security.xml |
|
| Back to top |
|
 |
drakonite
l33t
Joined: 02 Nov 2002
Posts: 768
Location: Lincoln, NE
|
| Posted: Fri Jan 17, 2003 10:20 am Post subject: |
|
|
| What is the purpose of the xxxxx's on the password line? |
|
| Back to top |
|
|
drakonite
l33t
Joined: 02 Nov 2002
Posts: 768
Location: Lincoln, NE
|
| Posted: Fri Jan 17, 2003 10:23 am Post subject: |
|
|
Oh... and if I am reading correctly you have to add "lock" as one of the options to all of the options you don't want to be picked without the password....
I haven't tried this yet but thats what it sounds like to me... |
|
| Back to top |
|
|
li1_getoo
l33t
Joined: 20 Oct 2002
Posts: 661
Location: Queens , NY
|
| Posted: Fri Jan 17, 2003 12:27 pm Post subject: |
|
|
XXXX == the actual passwd , but if u can give me an example will be nice
thanx |
|
| Back to top |
|
|
jukka
Apprentice
Joined: 06 Jun 2002
Posts: 249
Location: Zurich, Switzerland
|
| Posted: Fri Jan 17, 2003 10:43 pm Post subject: |
|
|
| you should read 'info grub' -> Security |
|
| Back to top |
|
|
drakonite
l33t
Joined: 02 Nov 2002
Posts: 768
Location: Lincoln, NE
|
| Posted: Fri Jan 17, 2003 11:47 pm Post subject: |
|
|
Ok, here is how grub passwords work...
| Code: |
default 0
timeout 5
password PLEASE
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title=Gentoo Linux
root(hd0,0)
kernel /boot/bzImage root=/dev/hda5 hdc=scsi
title=Windows 2000
lock
root (hd0,2)
chainloader +1
|
Will make it so the password is PLEASE. You will only be able to edit entires in grub if you know the password, and you can't start Windows 2000 without knowing the password.
The xxxxx you put shouldn't be there. The only argument you need is the actuall password.
You can use md5sum passwords by putting "--md5sum [md5encoded password]" as the password, but I'm not sure how you encode them to md5 at the moment so don't ask me 
One other thing you can do is specifiy the password line like so:
| Code: |
password PLEASE /boot/grub/admin-menu.lst
|
and when you input the password it will load admin-menu.lst to use for it's settings instead of menu.lst.
Does that explain things nicely? |
|
| Back to top |
|
|
li1_getoo
l33t
Joined: 20 Oct 2002
Posts: 661
Location: Queens , NY
|
| Posted: Sat Jan 18, 2003 1:00 am Post subject: |
|
|
thank u guys
i did it info grub helped
| Code: | | password --md5crypt <placethecrypthere> |
u get the crypt by running grub > md5crypt
password: ******
encrypted : <u copy this on ur /boot/grub/menu.lst> |
|
| Back to top |
|
|
|
Networking & Security
