On Sun, Dec 06, 2009 at 07:11:11PM +0100, Vladimir 'φ-coder/phcoder' Serbinenko 
wrote:
> Hello. Currently the authentication system works as follows:
> 
> menuentry "name" --users "a,b,c" {
> }
> Means that only superusers and users "a", "b" and "c" are permitted to
> boot this menuentry. To allow only superusers to boot an entry one would
> need:
> menuentry "name" --users "" {
> }
> And absence of --users means "anyone can choose this entry".
> Unfortunately this is error-prone. Does anyone oppose changing it to:
> No --users: only superusers
> To have an unlocked entry you have to add --unlocked

I agree this is error-prone and encourages insecure ways of using GRUB.

However, this has the potential to render the system unbootable if the user
made a mistake.  I think that should be avoided too.

How about:

"--locked" == only superusers can boot
"--locked --users a,b,c" == only a,b,c and superusers can boot
"" == everyone can boot

-- 
Robert Millan

  "Be the change you want to see in the world" -- Gandhi


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
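
Added example, not part of the original messages and not GRUB's own code: a small audit that applies the current semantics described in the thread (no `--users` means anyone, `--users ""` means superusers only) to a configuration file. The sample configuration and the function names `classify`, `audit` and `open_entries` are constructed for illustration.

```python
import shlex

# Constructed sample configuration for illustration; not from the thread.
SAMPLE_CFG = '''\
set superusers="root"
menuentry "Distro" --users "alice,bob" {
    linux /vmlinuz
}
menuentry "Rescue shell" --users "" {
    linux /vmlinuz single
}
menuentry "Memtest" {
    linux16 /memtest.bin
}
'''

def classify(line):
    """Return (title, access) for a menuentry line, else None."""
    if not line.lstrip().startswith("menuentry"):
        return None
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:                      # unbalanced quotes: review by hand
        return ("<unparsed>", "unknown")
    if len(tokens) < 2 or tokens[0] != "menuentry":
        return None
    title, opts = tokens[1], tokens[2:]
    if "--users" not in opts:
        return (title, "anyone")            # the fail-open default
    idx = opts.index("--users")
    value = opts[idx + 1] if idx + 1 < len(opts) else ""
    if value == "{":                        # option given without a value
        value = ""
    users = [u.strip() for u in value.split(",") if u.strip()]
    if not users:
        return (title, "superusers only")   # --users ""
    return (title, "superusers + " + ",".join(users))

def audit(cfg_text):
    """List (line_number, title, access) for every menuentry in cfg_text."""
    report = []
    for number, line in enumerate(cfg_text.splitlines(), start=1):
        result = classify(line)
        if result:
            report.append((number, *result))
    return report

def open_entries(cfg_text):
    """Titles of entries that anyone can boot under the current semantics."""
    return [t for _, t, access in audit(cfg_text) if access == "anyone"]
```

Every entry returned by `open_entries` is one that would need `--unlocked` to stay bootable by everyone under the default proposed in the quoted message.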
