[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
You may be interested in how to prevent ordinary users from doing whatever they like, if you share your computer with other people. So this chapter describes how to improve the security of GRUB.
One thing which could be a security hole is that the user can do too
many things with GRUB, because GRUB allows one to modify its configuration
and run arbitrary commands at run-time. For example, the user can even
read `/etc/passwd' in the command-line interface by the command
cat
(see section cat). So it is necessary to disable all the
interactive operations.
Thus, GRUB provides a password feature, so that only administrators
can start the interactive operations (i.e. editing menu entries and
entering the command-line interface). To use this feature, you need to
run the command password
in your configuration file
(see section password), like this:
password --md5 PASSWORD |
If this is specified, GRUB disallows any interactive control, until you press the key p and enter a correct password. The option `--md5' tells GRUB that `PASSWORD' is in MD5 format. If it is omitted, GRUB assumes the `PASSWORD' is in clear text.
You can encrypt your password with the command md5crypt
(see section md5crypt). For example, run the grub shell (see section Invoking the grub shell), and enter your password:
grub> md5crypt Password: ********** Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb. |
Then, cut and paste the encrypted password to your configuration file.
Also, you can specify an optional argument to password
. See
this example:
password PASSWORD /boot/grub/menu-admin.lst |
In this case, GRUB will load `/boot/grub/menu-admin.lst' as a configuration file when you enter the valid password.
Another thing which may be dangerous is that any user can choose any menu entry. Usually, this wouldn't be problematic, but you might want to permit only administrators to run some of your menu entries, such as an entry for booting an insecure OS like DOS.
GRUB provides the command lock
(see section lock). This command
always fails until you enter the valid password, so you can use it, like
this:
title Boot DOS lock rootnoverify (hd0,1) makeactive chainload +1 |
You should insert lock
right after title
, because
any user can execute commands in an entry until GRUB encounters
lock
.
You can also use the command password
instead of
lock
. In this case the boot process will ask for the password
and stop if it was entered incorrectly. Since the password
takes its own PASSWORD argument this is useful if you want
different passwords for different entries.
[ << ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated by root on April, 6 2008 using texi2html 1.76.