Hello friends. In this post, I will explain to you How to set a Grub root password on Ubuntu 20.04. So you can protect even the system boot. Ideal for shared computers or where we want to increase the security of it.
Is it necessary to protect the grub?
The Grub as we know is a utility that is installed on the disk along with the system whose function is to make a boot loader. That is to say that with it we will be able to indicate to the computer when to start the system.
Grub recognizes several systems including Windows. It allows the dual boot that we all take advantage of.
Although the system is very robust, it is advisable to increase the security of the system. Especially on shared computers where you want to avoid possible information leaks.
Fortunately, the Grub allows us to define a password that will be requested at boot time. This is an extra layer of security for the system.
So, let’s go for it. The process is fast and although it can give some problems it is something that if we are careful will not fail.
How to set a Grub root password on Ubuntu 20.04
In this process, we have to do it as the root user. So, open a terminal and run
sudo -i
Then you will be the root user.
Next, generate a securely encrypted password using the grub-mkpasswd-pbkdf2 command which will prompt you for one but it will be encrypted automatically.
grub-mkpasswd-pbkdf2 Enter password: Reenter password:
Then, you will see an output screen similar to this one where the result of the encrypted password will be grub. and followed by a very long string of characters.
Now you need to modify the /etc/grub.d/40_custom file to add the user and the encrypted password that has been generated,
Before doing so, it is a good idea to backup the file
cp /etc/grub.d/40_custom /etc/grub.d/40_custom.old
Edit the file.
nano /etc/grub.d/40_custom
And add the following
set superusers="root" password_pbkdf2 root password
Where you have to replace password with the full encrypted password as shown in the image.
Save the changes and close the editor.
To apply the changes, you have to run the following command
grub-mkconfig -o /boot/grub/grub.cfg
Now reboot the system.
When grub just loads you will be prompted for the username and password. Remember that the user is root and the password is the one you defined, not the encrypted one.
So, enjoy it.
Conclusion
Protecting the grub is a good way to secure the system. This trick can be useful in several circumstances.
Hi Angelo,
Article is very useful but, it is asking password every reboot. How to possible if i manage 1000 servers means, How to provide password for 1000 server every reboot. Can you share steps “Avoid Grub2 password protection on every boot”
Centos 7 Grub2 password protection will ask password when ever you enter to change grub parameter otherwise system will boot automatically.
https://www.tecmint.com/password-protect-grub-in-linux/