Help required

Pallav Jain b330bkn at gmail.com
Thu Jun 10 11:57:19 UTC 2010 

thx for the method you give. but my simple doubt is that:

if i append those extra lines at the end of the file /boot/grub/menu.lst ,
is it okay even if the contents of that file (menu.lst) are not those as
written on the website, which says to append only after searching the
string:

## password ['--md5'] passwd
  # If used in the first section of a menu file, disable all interactive
editing
  # control (menu entry editor and command-line) and entries protected by
the
  # command 'lock'

which is not the case for my menu.lst file, as these contents are missing
there so even then i go for that one also?
thx

---------- Forwarded message ----------

> From: Tim <ignored_mailbox at yahoo.com.au>
> To: Community support for Fedora users <users at lists.fedoraproject.org>
> Date: Thu, 10 Jun 2010 12:20:12 +0930
> Subject: Re: Help required
> On Wed, 2010-06-09 at 22:13 +0530, Pallav Jain wrote:
> > But as listed at the url:
> >
> >
> http://www.fedoraguide.info/index.php?title=Main_Page#How_to_disable_all_interactive_editing_control_for_GRUB_menu
> >
> > Nowhere are being seen the following contents:
> >
> > ## password ['--md5'] passwd
> > # If used in the first section of a menu file, disable all interactive
> editing
> > # control (menu entry editor and command-line) and entries protected by
> the
> > # command 'lock'
> >
> > which should be in '/boot/grub/menu.lst'
>
> As has been mentioned before, "/etc/grub.conf" "/boot/grub/grub.conf"
> and "/boot/grub/menu.lst" are all the same thing.  One is the actual
> file, the others are links to it.  You can work on any of them, it works
> the same.
>
> If you're trying to put an encrypted password into GRUB, so that only an
> authorised person can do something with it, then follow the steps on the
> page, carefully.
>
> Open a shell, switch to being the root user by using the "su -" command,
> type in the root user password, and hit enter.  You'll need to be root
> to use grub.
>
> Type in the "grub" command, and hit enter.  Now you're in the grub
> shell, instead of the bash shell.  The commands you type, from now on,
> are grub commands.
>
> Type in the "md5crypt" command, and hit enter.  Now you type in the
> password that you want to use, and hit enter.  It'll spit back a string
> of characters that is the encrypted version of your password.  It's this
> string of characters you'll put into your grub.conf file.  Don't use the
> string of characters that the web page shows as an example.
>
> In your grub.conf file, before the first title sections, you'll put in
> the password next to the "password --md5" instruction, like I've done
> below.  The "--md5" bit of the command line details the type of
> encryption that was used with the password.
>
>  #boot=/dev/sda
>  default=0
>  timeout=5
>  splashimage=(hd0,0)/grub/splash.xpm.gz
>
>  password --md5 $1vcvbhnjmk,l;;lbvcdC.
>
>  title Fedora
>
> Now, with that in place, only someone who knows the password can press
> the "e" key in the grub boot screen to temporarily change how the
> computer will boot.  All they can do is pick from the choices in the
> menu.  If they attempt to use the "e" (edit) function, they'll be asked
> to type in the password.
>
> On top of that, if you wish to lock out some of the menu choices, so
> that only someone with the password can use them, then simply put the
> "lock" instruction directly under the title line.  Like this:
>
>  title Boot from floppy disk drive
>    lock
>    rootnoverify (fd0)
>    chainloader +1
>
> And then.... if you want different passwords for different menu items,
> put the password line within the different title sections of the
> grub.conf file, instead of having one password line above all of them.
>
> title WinXP
>    password --md5 $1iuyfd56tghjhgC.
>    lock
>    rootnoverify (hd0,0)
>    chainloader +1
>
>  title Boot from floppy disk drive
>    password --md5 $1vcvbhnjmk,l;;lbvcdC.
>    lock
>    rootnoverify (fd0)
>    chainloader +1
>
> If you're going to lock up the booting choices to stop people fiddling
> with your PC, then you'll also want to change the BIOS settings, so that
> someone can't simply boot from a CD or floppy, and bypass your grub.
>
> Go into your BIOS, change the boot options so that your hard drive is
> the only device that can be booted from, set a password on the BIOS,
> save the settings and exit.
>
> Now someone who wants to mess with your computer will have to open up
> the case and yank out the drive or the BIOS clock battery, or reset the
> BIOS.  That's going to be difficult to do without someone seeing them do
> it.
>
>
> --
> [tim at localhost ~]$ uname -r
> 2.6.27.25-78.2.56.fc9.i686
>
> Don't send private replies to my address, the mailbox is ignored.  I
> read messages from the public lists.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20100610/5f23a73e/attachment.html

More information about the users mailing list