CentOS/RHEL 8 Set GRUB password


This tutorial provides step-by-step instructions for setting a GRUB password on RHEL 8 / CentOS 8 Linux. Once a GRUB username and password are required, non-authorized users cannot modify the GRUB entry at the boot loader stage, which is the step used to recover or reset a lost or forgotten root administrative password. Also, check setting up GRUB for Ubuntu.

Why should we password-protect the Linux boot loader?

The primary reasons for password protecting Linux boot loader:

1. Stop Access to Single User Mode – If an attacker can boot into single-user mode, he becomes the root user.

2. Stop Access to the GRUB Console – If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the cat command.

3. Stop Access to Non-Secure Operating Systems – If it is a dual-boot system, an attacker can select at boot time an operating system, such as DOS, which ignores access controls and file permissions. 

Generate a password for GRUB

Use grub2-setpassword to set a password for the root user:

# grub2-setpassword

The generated password hash is stored in /boot/grub2/user.cfg.

# cat /boot/grub2/user.cfg

Recreate the GRUB config with grub2-mkconfig to apply the GRUB password

# grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot the server and verify

# reboot

Note: All defined GRUB menu entries will now require entering a user and password each time at boot. The system will not boot without direct user intervention from the console. When prompted for the user, enter “root”.
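
The following check is an added example, not part of the original tutorial: it verifies that user.cfg holds a PBKDF2 hash with restrictive permissions and that the regenerated grub.cfg loads it for the user root, so a mistake is caught before the reboot. The function names, the constructed sample files and the expected grub.cfg lines are assumptions; on a real host, run audit_grub_password as root with no arguments to use the paths from this tutorial.

```sh
# Added example (not from the article): audit grub2-setpassword + grub2-mkconfig.
# user.cfg must hold a PBKDF2 hash, never a plaintext password.
has_pbkdf2_hash() {
    grep -Eq '^GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$' "$1"
}

# The hash file should not be readable or writable by group/others.
is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# grub.cfg must source user.cfg and register the hash for the user "root".
# Assumption: these are the lines the /etc/grub.d/ templates emit on RHEL 8.
loads_password() {
    grep -Eq '^[[:space:]]*source[[:space:]].*user\.cfg' "$1" &&
    grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]+root[[:space:]]' "$1"
}

audit_grub_password() {
    user_cfg=${1:-/boot/grub2/user.cfg}
    grub_cfg=${2:-/boot/grub2/grub.cfg}
    rc=0
    [ -f "$user_cfg" ] || { echo "FAIL: $user_cfg missing, run grub2-setpassword"; return 1; }
    has_pbkdf2_hash "$user_cfg" || { echo "FAIL: no PBKDF2 hash in $user_cfg"; rc=1; }
    is_private "$user_cfg" || { echo "FAIL: $user_cfg is accessible to group/others"; rc=1; }
    loads_password "$grub_cfg" || { echo "FAIL: $grub_cfg does not apply the password, rerun grub2-mkconfig"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: GRUB password is configured"; fi
    return "$rc"
}

# Constructed sample files (the hash is a made-up placeholder) for an offline run.
make_sample() {
    echo 'GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.0A1B2C3D.4E5F6071' > "$1/user.cfg"
    chmod 600 "$1/user.cfg"
    cat > "$1/grub.cfg" <<'EOF'
if [ -f ${prefix}/user.cfg ]; then
  source ${prefix}/user.cfg
  if [ -n "${GRUB2_PASSWORD}" ]; then
    set superusers="root"
    export superusers
    password_pbkdf2 root ${GRUB2_PASSWORD}
  fi
fi
EOF
}

demo=$(mktemp -d) && make_sample "$demo"
audit_grub_password "$demo/user.cfg" "$demo/grub.cfg"; rm -rf "$demo"
```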

To remove the GRUB password, see the Red Hat site. The GRUB 2 configuration file, grub.cfg, is generated during installation or by invoking the /usr/sbin/grub2-mkconfig utility, and is automatically updated by grubby each time a new kernel is installed. When regenerated manually using grub2-mkconfig, the file is generated according to the template files located in /etc/grub.d/ and the custom settings in the /etc/default/grub file.

Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.

