Grub 2 Password Protection in debian?

debian password-protection grub

3,505

Debian 8 (jessie) stores Grub 2 password parameters within the directory /etc/grub.d/ . Inside this directory there are only scripts used to generate the configuration file.

So you can create a new script (e.g. /etc/grub.d/01_users ) with the following content:

#!/bin/bash

cat <<EOF
set superusers="putyourusernamehere"
password putyourusernamehere grub.pbkdf2 grub.pbkdf2.sha512.10000.3450C89...
EOF

All the above lines are part of the file, because it is a script whose output will go in the final configuration file. Since it is a script, it will only be processed if it is executable (chmod a+x ...).

As an alternative, you may put just the lines you need in one of the existing files that are tweaked to output their own contents. Here you can see how /etc/grub.d/40_custom substitutes the shell with a tail command returning script contents starting from the third line:

#!/bin/sh
exec tail -n +3 $0

set superusers="putyourusernamehere"
password putyourusernamehere grub.pbkdf2 grub.pbkdf2.sha512.10000.3450C89...

In some Ubuntu derivatives (e.g. Mint 19) the format of the password changed as follows:

#!/bin/sh
exec tail -n +3 $0

set superusers=putyourusernamehere
password_pbkdf2 putyourusernamehere grub.pbkdf2.sha512.10000.3450C89...

You may want to add "--unrestricted" to the menu entries you want to boot without a password. For example within the file 10_linux :

10_linux:CLASS="--class gnu-linux --class gnu --class os --unrestricted"

Finally launch update-grub2 to generate the final configuration file /boot/grub/grub.cfg .

3,505

Author by

Rob

Updated on September 18, 2022

Comments

Rob over 1 year

I realized that on some devices my DatePicker's spinners don't show because the text is white instead of black (as it should be).

Example with a Honor 5C:

Example with a One Plus 5:

I realized it by setting a black background color instead:

I tried to change a lot of different attributes but nothing worked.

Here is the underlying code:

final AlertDialog.Builder datePickerDialog = new AlertDialog.Builder(getContext(), R.style.AlertDialog);
final View view = fragment.getActivity().getLayoutInflater().inflate(R.layout.views_form_pick_date_dialog_day, null);
final AppCompatTextView datePickerDialogTitle = (AppCompatTextView) view.findViewById(R.id.views_form_pick_date_dialog_title);
final DatePicker datePickerDialogSpinner = (DatePicker) view.findViewById(R.id.views_form_pick_date_dialog_spinner);
datePickerDialogSpinner.updateDate(calendar.get(Calendar.YEAR), calendar.get(Calendar.MONTH), calendar.get(Calendar.DAY_OF_MONTH));
datePickerDialog.setView(view);
datePickerDialog.show();

The XML layout associated:

R.layout.views_form_pick_date_dialog_day

<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
    android:layout_width="match_parent"
    android:layout_height="match_parent">

    <android.support.v7.widget.AppCompatTextView style="@style/TextViewBody"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:padding="@dimen/style_size_space_medium"
        android:background="@color/style_color_red"
        android:text="@string/app_name"
        android:id="@+id/views_form_pick_date_dialog_title" />

    <DatePicker
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:layout_below="@+id/views_form_pick_date_dialog_title"
        android:calendarViewShown="false"
        android:datePickerMode="spinner"
        android:id="@+id/views_form_pick_date_dialog_spinner" />

</RelativeLayout>

Thanks for your help.

dazza5000 about 6 years

If possible, make sure you are using Support libraries so that the interface appears the same on all framework versions.
paakjis over 4 years

Have you found an answer for this?