[custom-header-login]
Typically when using GRUB boot-loader we use passwords to protect menu items and the menu itself. As you would expect this feature is available in GRUB2 and better. We define users and passwords and different users can have access to different items. First we create a “superuser”
set superusers=”andrew” password andrew L1nux
Once a superuser is set then you need to enter those credentials to edit menu items during the boot phase. To control access to individual menu items such as the Single User Mode we have created, then we add users to those items:
set superusers="andrew"
password andrew L1nux
password jane secret
menuentry "Single User Mode" --users jane {
insmod gzio
insmod part_msdos
insmod ext2
set root=(hd0,1)
linux /boot/vmlinuz root=/dev/sda1 ro 1
initrd /boot/initrd
}
You can see we have created another user, Jane and set her password. She is not a superuser and as such has to be assigned access to resources. Adding –users to the menu item for Singe User Mode will require superuser rights to boot; adding –users jane will allow jane or the superuser to use this menu item. You will also see in the video how we encrypt passwords using grub-mkpasswd-pbkdf2.