[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #39351] Password Protected Grub Menu Entries
From: |
Bobby Martin |
Subject: |
[bug #39351] Password Protected Grub Menu Entries |
Date: |
Thu, 27 Jun 2013 16:10:51 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 |
URL:
<http://savannah.gnu.org/bugs/?39351>
Summary: Password Protected Grub Menu Entries
Project: GNU GRUB
Submitted by: bmartin4
Submitted on: Thu 27 Jun 2013 04:10:50 PM GMT
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Originator Name: Bobby Martin
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release:
Release: other
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
Background and Attempts:
I am in charge of securing multiple labs that all run Ubuntu 12.04. As part of
securing them, the ability to edit menu entries were password protected and
the recovery menu entries were removed. However, users could still reboot
their system and the default entry would boot without a prompt for a username
and password.
We are wanting to upgrade all of the computers to Ubuntu 13.04, however this
configuration of grub no longer seems possible.
According to https://help.ubuntu.com/community/Grub2/Passwords :
"To protect one or more menu items:
Each menuentry to be protected must include information on its title line as
to which users should be granted access.
In Ubuntu Precise or earlier, if no user(s) are designated for a specific
menuentry, access to that entry will be given to all users.
In Ubuntu Quantal or later, if no user(s) are designated for a specific
menuentry, access to that entry will be limited to the superuser."
I have made various attempts to configure grub in a way that allows me to get
this old functionality back, however it does not seem to be possible
in this new version of grub. I have only been able to configure it in a way
that forces me to set a user and password, which is not an acceptable solution
since these labs are used by a large number of people and distributing a
generic account is not something we are willing to do, since the functionality
we need was at one time possible.
Observed Actions:
Grub will not boot the standard entry without a username and prompt being
specified.
To edit the entry the superuser name and password must be specified.
Expected Results:
Grub will boot the standard entry without a username and prompt.
To edit the entry the superuser name and password must be specified.
Is there anyway that the old functionality of grub be implemented in this
newer version of grub?
The version of grub-pc in use in Ubuntu Raring is 2.00-13Ubuntu3
The version of grub-pc in use in Ubuntu Precise is 1.99-21Ubuntu3.9
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?39351>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [bug #39351] Password Protected Grub Menu Entries,
Bobby Martin <=