Search

How to password protect GRUB (GNU GRand Unified Boot loader) using grub-md5-crypt

To password protect grub from illegal access, first create an MD5 hash for the password using the command grub-md5-crypt. Enter the password and again retype the password when prompted.

[root@localhost ~]# grub-md5-crypt
Password:
Retype password:
$1$4Onh4/$5TkWggMpA2u17k7IOA5Hi1
[root@localhost ~]#

Copy the hash generated by "grub-md5-crypt" command and use it in the grub.conf file as shown below.

### Beginning of grub.conf ###

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda2
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
password --md5 $1$4Onh4/$5TkWggMpA2u17k7IOA5Hi1
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu

#####First Operating System#####

title Red Hat Enterprise Linux Server (2.6.18-8.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.18-8.el5.img

#####Second Operating System#####

title RedHat Operating System 2
        root(hd1,0)
        kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/sdb2 rhgb quiet
        initrd /initrd-2.6.18-8.el5.img

### End of grub.conf ###

When you boot the machine next time, press "p" at the grub menu to enter the password and edit the grub menu.

Related Tutorials
• GRUB (GNU GRand Unified Boot loader)
• Working with grub.conf configuration file
• Linux Rescue Mode (Linux Rescue Environment)
• init process and Linux runlevels
• inittab configuration file
• Working with inittab configuration file
• inittab format