thx for the method you give. but my simple doubt is that: if i append those extra lines at the end of the file /boot/grub/menu.lst , is it okay even if the contents of that file (menu.lst) are not those as written on the website, which says to append only after searching the string:
## password ['--md5'] passwd # If used in the first section of a menu file, disable all interactive editing # control (menu entry editor and command-line) and entries protected by the # command 'lock' which is not the case for my menu.lst file, as these contents are missing there so even then i go for that one also? thx ---------- Forwarded message ---------- > From: Tim <ignored_mail...@yahoo.com.au> > To: Community support for Fedora users <users@lists.fedoraproject.org> > Date: Thu, 10 Jun 2010 12:20:12 +0930 > Subject: Re: Help required > On Wed, 2010-06-09 at 22:13 +0530, Pallav Jain wrote: > > But as listed at the url: > > > > > http://www.fedoraguide.info/index.php?title=Main_Page#How_to_disable_all_interactive_editing_control_for_GRUB_menu > > > > Nowhere are being seen the following contents: > > > > ## password ['--md5'] passwd > > # If used in the first section of a menu file, disable all interactive > editing > > # control (menu entry editor and command-line) and entries protected by > the > > # command 'lock' > > > > which should be in '/boot/grub/menu.lst' > > As has been mentioned before, "/etc/grub.conf" "/boot/grub/grub.conf" > and "/boot/grub/menu.lst" are all the same thing. One is the actual > file, the others are links to it. You can work on any of them, it works > the same. > > If you're trying to put an encrypted password into GRUB, so that only an > authorised person can do something with it, then follow the steps on the > page, carefully. > > Open a shell, switch to being the root user by using the "su -" command, > type in the root user password, and hit enter. You'll need to be root > to use grub. > > Type in the "grub" command, and hit enter. Now you're in the grub > shell, instead of the bash shell. The commands you type, from now on, > are grub commands. > > Type in the "md5crypt" command, and hit enter. Now you type in the > password that you want to use, and hit enter. It'll spit back a string > of characters that is the encrypted version of your password. It's this > string of characters you'll put into your grub.conf file. Don't use the > string of characters that the web page shows as an example. > > In your grub.conf file, before the first title sections, you'll put in > the password next to the "password --md5" instruction, like I've done > below. The "--md5" bit of the command line details the type of > encryption that was used with the password. > > #boot=/dev/sda > default=0 > timeout=5 > splashimage=(hd0,0)/grub/splash.xpm.gz > > password --md5 $1vcvbhnjmk,l;;lbvcdC. > > title Fedora > > Now, with that in place, only someone who knows the password can press > the "e" key in the grub boot screen to temporarily change how the > computer will boot. All they can do is pick from the choices in the > menu. If they attempt to use the "e" (edit) function, they'll be asked > to type in the password. > > On top of that, if you wish to lock out some of the menu choices, so > that only someone with the password can use them, then simply put the > "lock" instruction directly under the title line. Like this: > > title Boot from floppy disk drive > lock > rootnoverify (fd0) > chainloader +1 > > And then.... if you want different passwords for different menu items, > put the password line within the different title sections of the > grub.conf file, instead of having one password line above all of them. > > title WinXP > password --md5 $1iuyfd56tghjhgC. > lock > rootnoverify (hd0,0) > chainloader +1 > > title Boot from floppy disk drive > password --md5 $1vcvbhnjmk,l;;lbvcdC. > lock > rootnoverify (fd0) > chainloader +1 > > If you're going to lock up the booting choices to stop people fiddling > with your PC, then you'll also want to change the BIOS settings, so that > someone can't simply boot from a CD or floppy, and bypass your grub. > > Go into your BIOS, change the boot options so that your hard drive is > the only device that can be booted from, set a password on the BIOS, > save the settings and exit. > > Now someone who wants to mess with your computer will have to open up > the case and yank out the drive or the BIOS clock battery, or reset the > BIOS. That's going to be difficult to do without someone seeing them do > it. > > > -- > [...@localhost ~]$ uname -r > 2.6.27.25-78.2.56.fc9.i686 > > Don't send private replies to my address, the mailbox is ignored. I > read messages from the public lists.
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
