Vladimir 'φ-coder/phcoder' Serbinenko wrote:
Bruce Dubbs wrote:
Vladimir 'φ-coder/phcoder' Serbinenko wrote:
Hello. Currently authentication system works as following:
menuentry "name" --users "a,b,c" {
}
Means that only superusers and users "a", "b" and "c" are permitted to
boot this menuentry. To allow only superusers to boot an entry one would
need:
menuentry "name" --users "" {
}
And absence of --users means "anyone can choose this entry".
Unfortunately this is error-prone. Does anyone oppose to change it to:
No --users: only superusers
To have an unlocked entry you have to add --unlocked
First, what is the definition of a 'superuser'? Where does GRUB get
the information to make a decision.
Superusers are set on per-configuration basis with
set superusers=<list>
these users are allowed to invoke shell and edit menu entries so there
is no reason to restrict which entries they are allowed to boot.
In any case, I'd recommend
--users: superusers only
or even
--users: superusers
I don't get what you mean
I thought you were asking about a parameter to the menuentry command
menuentry "name" --users "a,b,c" {
I was recommending
menuentry "name" --users superusers {
Where superusers is a keyword implying all superusers.
-- Bruce
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
