Bruce Dubbs wrote: > Vladimir 'φ-coder/phcoder' Serbinenko wrote: >> Hello. Currently authentication system works as following: >> >> menuentry "name" --users "a,b,c" { >> } >> Means that only superusers and users "a", "b" and "c" are permitted to >> boot this menuentry. To allow only superusers to boot an entry one would >> need: >> menuentry "name" --users "" { >> } >> And absence of --users means "anyone can choose this entry". >> Unfortunately this is error-prone. Does anyone oppose to change it to: >> No --users: only superusers >> To have an unlocked entry you have to add --unlocked > > First, what is the definition of a 'superuser'? Where does GRUB get > the information to make a decision. > Superusers are set on per-configuration basis with set superusers=<list> these users are allowed to invoke shell and edit menu entries so there is no reason to restrict which entries they are allowed to boot. > In any case, I'd recommend > > --users: superusers only > > or even > > --users: superusers I don't get what you mean > ------- > -- Bruce > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > http://lists.gnu.org/mailman/listinfo/grub-devel >
-- Regards Vladimir 'φ-coder/phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel