7.3.
Setting a Boot Loader Password
GRUB reads many file systems without
the help of an operating system. An operator can interrupt the
booting sequence to choose a different operating system to boot,
change boot options, or recover from a system error. However, these
functions may introduce serious security risks in some
environments. You can add a password to
GRUB so that the operator must enter
the password to interrupt the normal boot sequence.
| GRUB Passwords Not Required |
---|
You may not require a GRUB password
if your system only has trusted operators, or is physically
secured with controlled console access.
However, if there is a chance someone can get physical access to
the keyboard and monitor of your computer, that person can
reboot the system and access GRUB.
This is where a password is helpful.
|
To set a boot password, select the Use a boot loader
password checkbox. The Change
password button will become active. Select
Change password to display the dialog
below. Type the desired password, and then confirm it by typing
it again in the spaces provided.
| Choose a Good Password |
---|
Choose a password that is easy for you to remember but hard for
others to guess.
|
| Forgotten GRUB Passwords |
---|
GRUB stores the password in encrypted
form, so it cannot be read or recovered. If
you forget the boot password, boot the system normally and then
change the password entry in the
/boot/grub/grub.conf file. If you cannot
boot, you may be able to use the "rescue" mode on the first Fedora Core
installation disc to reset the GRUB password.
|
If you do need to change the GRUB
password, use the grub-md5-crypt
utility. For
information on using this utility, use the command man
grub-md5-crypt
in a terminal window to read the manual
pages.