How to set a Grub root password on Ubuntu 20.04


Hello friends. In this post, I will explain how to set a Grub root password on Ubuntu 20.04, so you can protect even the system boot. This is ideal for shared computers or wherever we want to increase security.

Is it necessary to protect the grub?

Grub, as we know, is a boot loader: a utility that is installed on the disk along with the system. It is what tells the computer how to start the system.

Grub recognizes several systems, including Windows, which allows the dual boot that we all take advantage of.

Although the system is very robust, it is advisable to increase its security, especially on shared computers where you want to avoid possible information leaks.

Fortunately, Grub allows us to define a password that will be requested at boot time. This is an extra layer of security for the system.

So, let’s go for it. The process is fast, and although it can cause some problems, it will not fail if we are careful.

How to set a Grub root password on Ubuntu 20.04

This process has to be done as the root user. So, open a terminal and run

sudo -i

Then you will be the root user.

Next, generate a password hash with the grub-mkpasswd-pbkdf2 command. It prompts you for the password and hashes it automatically with PBKDF2.

grub-mkpasswd-pbkdf2
Enter password: 
Reenter password:
1.- Generating a new password for the grub

Then you will see output similar to this, where the hashed password begins with grub.pbkdf2.sha512. followed by a very long string of characters.

Now you need to modify the /etc/grub.d/40_custom file to add the user and the hashed password that has been generated.

Before doing so, it is a good idea to back up the file

cp /etc/grub.d/40_custom /etc/grub.d/40_custom.old

Edit the file.

nano /etc/grub.d/40_custom

And add the following

set superusers="root"
password_pbkdf2 root password
2.- Configuring the password for the grub

Here you have to replace password with the full hashed password, starting from grub. and including the entire string that follows it.

Save the changes and close the editor.

To apply the changes, you have to run the following command

grub-mkconfig -o /boot/grub/grub.cfg
3.- Applying the changes

Now reboot the system.

As soon as Grub loads, you will be prompted for the username and password. Remember that the user is root and the password is the one you typed, not the hashed one.

4.- Grub password
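
The following check is an added example, not part of the original article: a Python script to run before the reboot step that parses the text of /etc/grub.d/40_custom, confirms every superuser has a well-formed password_pbkdf2 hash, and optionally confirms that the hash matches the password you intend to type. The function names are hypothetical, and it assumes the password is UTF-8 and that the hash uses the grub.pbkdf2.sha512.<iterations>.<salt>.<hash> layout printed by grub-mkpasswd-pbkdf2.

```python
import hashlib
import hmac
import re

# Layout printed by grub-mkpasswd-pbkdf2: grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex>
HASH_RE = re.compile(
    r"^grub\.pbkdf2\.sha512\.(\d+)\.((?:[0-9A-Fa-f]{2})+)\.((?:[0-9A-Fa-f]{2})+)$")


def parse_custom(text):
    """Return (superusers, {user: hash}) found in the text of 40_custom."""
    superusers, hashes = [], {}
    for line in text.splitlines():
        m = re.match(r'\s*set\s+superusers="([^"]*)"', line)
        parts = line.split()
        if m:  # GRUB accepts space , ; | & as separators in this list
            superusers = [u for u in re.split(r"[ ,;|&]+", m.group(1)) if u]
        elif len(parts) >= 2 and parts[0] == "password_pbkdf2":
            hashes[parts[1]] = parts[2] if len(parts) == 3 else ""
    return superusers, hashes


def check(text, password=None):
    """List lockout risks; [] means none. Assumes the password is UTF-8."""
    superusers, hashes = parse_custom(text)
    problems = [] if superusers else ["no superusers defined"]
    for user in superusers:
        m = HASH_RE.match(hashes.get(user, ""))
        if not m:
            problems.append(f"{user}: missing or malformed password_pbkdf2 hash")
        elif password is not None:
            salt, want = bytes.fromhex(m.group(2)), bytes.fromhex(m.group(3))
            got = hashlib.pbkdf2_hmac("sha512", password.encode(), salt,
                                      int(m.group(1)), len(want))
            if not hmac.compare_digest(got, want):
                problems.append(f"{user}: hash does not match the supplied password")
    return problems


def make_hash(password, salt, iterations=10000):
    """Build a constructed sample hash in the same layout (demo data only)."""
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, 64)
    return f"grub.pbkdf2.sha512.{iterations}.{salt.hex().upper()}.{dk.hex().upper()}"


if __name__ == "__main__":
    bad = 'set superusers="root"\npassword_pbkdf2 root password\n'  # constructed
    good = bad.replace("root password", "root " + make_hash("demo", bytes(64)))
    print(check(bad), check(good, "demo"))
```

On a real system, pass the contents of /etc/grub.d/40_custom to check() and read the password with getpass so it does not end up in your shell history.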

So, enjoy it.

Conclusion

Protecting the grub is a good way to secure the system. This trick can be useful in several circumstances.

Angelo
I am Angelo. A systems engineer passionate about Linux and all open-source software. Although here I'm just another member of the family.

1 COMMENT

  1. Hi Angelo,
    The article is very useful, but it is asking for the password on every reboot. How is that possible if I manage 1000 servers? I mean, how do I provide the password for 1000 servers on every reboot? Can you share the steps to “Avoid Grub2 password protection on every boot”?

    CentOS 7 Grub2 password protection will ask for the password whenever you enter to change a grub parameter; otherwise the system will boot automatically.
    https://www.tecmint.com/password-protect-grub-in-linux/
