How to set up GRUB2 password in an easy way?

According to the section on protecting entries:

There is currently no automated method of adding users or designating menu items to be protected. The user must manually edit the GRUB 2 scripts. The GRUB 2 menu is a compilation of the inputs of several scripts. The /etc/grub.d/10_linux file is responsible for adding the default Ubuntu OS to the GRUB 2 menu. [...] The majority of these sections are devoted to editing the default scripts located in the /etc/grub.d/ folder.

And in the next section:

The GRUB 2 menu includes selections for operating systems other than the default Ubuntu OS via the /etc/grub.d/30_os-prober script. [...] This would include other Ubuntu and Linux installations, Windows, etc.

The 30_os-prober script looks for specific types of operating systems. The user can make the changes for all of the OS's via a single command, or individually by OS type as documented below.

So, it seems you will have to edit the files in /etc/grub.d/. At least for adding a superuser, you needn't edit one of those files, but can create a new file:

The superuser/user information and password do not have to be contained in the /etc/grub.d/00_header file. The information can be placed in any /etc/grub.d file as long as that file is incorporated into grub.cfg. The user may prefer to enter this data into a custom file, such as /etc/grub.d/40_custom so it is not overwritten should the Grub package be updated. If placing the information in a custom file, do not include the "cat << EOF" and "EOF" lines as the content is automatically added from these files.

These paragraphs remain relevant until the official GRUB documentation says otherwise:

The grub-mkconfig program does not yet have built-in support for generating configuration files with authentication.

(Whatever that's supposed to mean.)

Up to Ubuntu 12.04

Here are the outdated instructions for protecting menu entries:

In /etc/grub.d/10_linux, find the following line:

printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}"

Add --users '' :

printf "menuentry '${title}' ${CLASS} --users '' {\n" "${os}" "${version}"

For all the entries in 30_os-prober:

sudo sed 's/--class os /--class os --users /' -i /etc/grub.d/30_os-prober

Ubuntu Packages doesn't list Ubuntu 12.10, so I am not sure if 12.10 uses the old method or the new one.

Ubuntu 13.04 and later

Now, the 10_linux file uses echo instead of printf:

echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"

And the 30_os-prober file uses cat and heredocs:

# The minix entry
cat << EOF
menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" {
EOF
# The hurd entry
cat << EOF
menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' {
EOF

So you can stick the --user "" part somewhere before the menuentry ends (before the brace opens).

Remember to backup any files you modify, and run update-grub after modification.

Related videos on Youtube

05 : 49

6 HowTo Set Grub2 Password #Grub2Password #Redhat8 #Technology #CloudArena #password #BreakPassword

Cloud Arena

336

10 : 10

UBUNTU Using GRUB2 passwords

theurbanpenguin

8

02 : 30

How to set password for GRUB menu

tutorial plus

5

02 : 25

Ubuntu: How to set up GRUB2 password in an easy way?

Roel Van de Paar

4

02 : 08

How to Set Grub2 password

sagar664

1

Author by

Admin

Updated on September 18, 2022