[SOLVED] Grub2 superuser behaviour has changed

AndySingleton · #1 1st August 2012, 11:15 AM

I have a problem with grub2 in F17, version is 2.0-0.37.

In grub2.1.99-13, you could define a superuser, and this allowed you to boot a grub entry without a password. But it required a password if you tried to edit any of the grub entries. This is perfect for the college where I work.

2.0, however, has changed this behaviour: Defining a superuser means all grub entries require that password regardless.

I want to know if there is a way around this behaviour, a way to mimic the previous behaviour, or another option for stopping malicious people (students

) from altering the boot options using grub.

***DBelton*** · #2 1st August 2012, 02:20 PM

the --unrestricted or --users option doesn't work anymore?

clip from the grub docs:

Code:

     set superusers="root"
     password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring
     password user1 insecure
     
     menuentry "May be run by any user" --unrestricted {
     	set root=(hd0,1)
     	linux /vmlinuz
     }
     
     menuentry "Superusers only" --users "" {
     	set root=(hd0,1)
     	linux /vmlinuz single
     }
     
     menuentry "May be run by user1 or a superuser" --users user1 {
     	set root=(hd0,2)
     	chainloader +1
     }

Edit:
link to grub2 docs:
http://www.gnu.org/software/grub/man....html#Security

AndySingleton · #3 1st August 2012, 02:45 PM

Yep, --unrestricted does exactly what we want.

Thanks for the response, and sorry for putting yet another rtfm issue on the forums.

***DBelton*** · #4 1st August 2012, 02:52 PM

No problem

It's kinda hard sometimes to hunt down and find all of the docs for these things.

Glad you found what you needed, and it's working for you now

Edit:
Hope you don't mind, but I'm going to mark this thread as solved for you