How to set grub2 password in RHEL/CentOS 7/8 (Step by Step Guide)

In this guide, you will learn How to set grub2 password in RHEL/CentOS 7/8.

What is GRUB and What is its use?

GRUB stands for Grand Unified Bootloader.

In simple language, we can say that GRUB is a boot loader.

When you power ON the system, you get a list where the system gives you a choice of how to boot. This feature provides you with GRUB.

GRUB Boot loader

GRUB is a powerful feature inside the Linux operating system that provides us with many useful features like:

  • When multiple operating systems are installed in your system, you can boot your desired operating system with the help of GRUB.

    As soon as you power ON the system, GRUB will display a list of all operating systems that are installed on your Desktop/Server from which you can choose which OS to boot.
  • GRUB also helps us troubleshoot Operating Systems. For example, you can reset the forgotten root user’s password by logging into the Operating System in single-user mode.
  • You can configure the Kernel of any particular Operating System according to your requirement.

GRUB has many such important features. I will publish a dedicated article on this and explain it in depth.

Why do we need to protect GRUB?

As a Linux administrator, it is your responsibility to take care of security.

By protecting the GRUB, you can prevent an unknown person from entering into single-user mode.

Can prevent unwanted/malicious Server/Kernel configurations.

and so on.

I hope you have got a basic idea about GRUB. Let’s get to the topic.

Step #1 Generate GRUB Password for root user

Run the following command to generate GRUB password for the root user.

~]# grub2-setpassword 
Enter password: 
Confirm password: 

This command generates a hashed password that is stored in the /boot/grub2/user.cfg file.

Note: By default user.cfg does not exist. If you have previously generated a password using the command grub2-setpassword then this file will exist, otherwise this command will generate a new file.

~]# cd /boot/grub2/

grub2]# ls
device.map  fonts  grub.cfg  grubenv  i386-pc  user.cfg

You can display the generated password using the cat command.

grub2]# cat user.cfg 
GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.9673E78A74C300135E39EB9CF4093448522D02E6CA8F72B92B9F46FB32C26FF78C6A5B299CB0156CF9F7EAA7AE20CDF374551424CFC8963E929962BD02098076.C14F44BDE163038AD59C7E93296112A777B4DBB1A55606142AB04B67C7AA255DF003E9316163687A4A7533EE4759E9237CB2EEE984A03F85A98A9144FAEE3172

Step #2 Recreate the GRUB2 Configuration file

Because we have implemented some new configuration, we have to recreate the GRUB configuration file.

Run the following command to recreate the GRUB configuration file.

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
done

We have successfully set the grub2 password. Now we have to restart the system to check if the password is set properly.

So run the following command to restart the system.

~]# reboot

As soon as you restart the server, you will get the following screen.

Here you will get 5 seconds to interrupt the normal boot process. So quickly press any key to interrupt the boot process.

Interrupt the normal boot process

Now select the highlighted menu and press e to edit the same.

Note: You can select the menu by using the up and down arrow on your Keyword.

Edit the GRUB menu

As you can see in the following snapshot GRUB is asking us to enter Username and Password while editing entries.

Here you enter root in place of the Username and enter the Password you entered while generating the GRUB password.

Enter Username and Password

After entering the correct username and password, you can edit GRUB.

GRUB Console

How to remove GRUB2 password protection

Removing GRUB password protection is easy. Delete the user.cfg file using the following command. That’s it.

~]# rm /boot/grub2/user.cfg 
rm: remove regular file '/boot/grub2/user.cfg'? y

Conclusion

I hope you have learned something from this article.

Now I’d like to hear your thoughts.

Was this guide useful to you?

Or maybe you have some queries.

If you know any other method to set GRUB2 password then you can share in the comment box.

If you like our content, please consider buying us a coffee.

Buy Me A Coffee

We are thankful for your never ending support.

2 thoughts on “How to set grub2 password in RHEL/CentOS 7/8 (Step by Step Guide)”

Leave a Comment