{"id":5535,"date":"2016-01-01T15:06:30","date_gmt":"2016-01-01T07:06:30","guid":{"rendered":"http:\/\/rmohan.com\/?p=5535"},"modified":"2016-01-01T15:06:45","modified_gmt":"2016-01-01T07:06:45","slug":"add-grub-password-on-centos-7-rhel-7-and-fedora-oracle-linux","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5535","title":{"rendered":"add grub password on centos 7 Rhel 7 and Fedora oracle linux"},"content":{"rendered":"<p>Red Hat Enterprise Linux 7\/CentOS 7 system that requires manual entry of a bootloader password in order to boot any future kernels Adding users and custom <code class=\"western\">menuentry<\/code><\/p>\n<p><code class=\"western\"> .... --user SOMEUSER\u00a0 <\/code>directives to <code class=\"western\">\/etc\/grub.d\/40_custom as\u00a0 <\/code>per the the RHEL7 System Administrator&#8217;s Guide is great, but how can you configure grub so that ALL existing &amp; future kernels require a password in order to boot?<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Edit <code class=\"western\">\/etc\/grub.d\/10_linux<\/code>, changing the line like the following:\n<pre class=\"western\">\t<code class=\"western\">CLASS=\"--class gnu-linux --class gnu --class os --unrestricted\"<\/code><\/pre>\n<p>to a line exactly like the following:<\/p>\n<pre class=\"western\">\t<code class=\"western\">CLASS=\"--class gnu-linux --class gnu --class os --users '' \"<\/code><\/pre>\n<p>This could be done with a simple <code class=\"western\">sed <\/code>command, e.g., by running the following from a root shell:<\/p>\n<pre class=\"western\">\t<code class=\"western\">sed -i \"\/^CLASS=\/s\/unrestricted\/users '' \/\" \/etc\/grub.d\/10_linux<\/code><\/pre>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Add a user to <code class=\"western\">\/etc\/grub.d\/40_custom <\/code>as described in RHEL7 System Administrator&#8217;s Guide, e.g., by running the following from a root shell:<\/p>\n<p>cat &gt;&gt;\/etc\/grub.d\/40_custom &lt;&lt;\\EOF<br \/>\nset superusers=&#8221;root&#8221;<br \/>\npassword root test123<br \/>\nEOF<br \/>\n[root@clusterserver3 ~]# grub2-mkpasswd-pbkdf2<br \/>\nEnter password:<br \/>\nReenter password:<br \/>\nPBKDF2 hash of your password is grub.pbkdf2.sha512.10000.86A0045A177A7C12C3649BE90A5A8CE1C9099EC4BFD50B0D4C1884FA13AD2893738F103C28888A819629DDE735AA1941C15732FB1ACCA9AF05B9E560C74ED474.61E9129DE99E0E7F6B7679534FF849046570C099A244D9D3215D849D5C1940FB50C478DCEFE4CE6086B41CA1BCDA185123166967B3933C0FDD5AA9E537B02505<\/p>\n<p>&nbsp;<\/p>\n<p>cat &gt;&gt;\/etc\/grub.d\/40_custom &lt;&lt;\\EOF<br \/>\nset superusers=&#8221;root&#8221;<br \/>\nset superusers=&#8221;root&#8221;<br \/>\npassword_pbkdf2\u00a0 root\u00a0 grub.pbkdf2.sha512.10000.E4827A5F6322572A56AAD8BC17E665160D4596290AFCB9C45D97DC6E621E7AF6D595946BE5291D9019DD51196835D54DACEB4047AAC3A510790BC2CE3B71BA07.6A5BC9851BD2EA5A505C558632F4FC049C41E0C44C49CDDE43C50DBE45D81FAEDC40A721D5EFA2A18758CE313541CD6035FDA1AA20FD5D7E1491ED2BF714CE4E<br \/>\nEOF<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Red Hat Enterprise Linux 7\/CentOS 7 system that requires manual entry of a bootloader password in order to boot any future kernels Adding users and custom menuentry<\/p>\n<p> &#8230;. &#8211;user SOMEUSER directives to \/etc\/grub.d\/40_custom as per the the RHEL7 System Administrator&#8217;s Guide is great, but how can you configure grub so that ALL existing &amp; [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5535"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5535"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5535\/revisions"}],"predecessor-version":[{"id":5537,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5535\/revisions\/5537"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}