In this guide, you will learn How to set grub2 password in RHEL/CentOS 7/8.
What is GRUB and What is its use?
GRUB stands for Grand Unified Bootloader.
In simple language, we can say that GRUB is a boot loader.
When you power ON the system, you get a list where the system gives you a choice of how to boot. This feature provides you with GRUB.
GRUB is a powerful feature inside the Linux operating system that provides us with many useful features like:
When multiple operating systems are installed in your system, you can boot your desired operating system with the help of GRUB.As soon as you power ON the system, GRUB will display a list of all operating systems that are installed on your Desktop/Server from which you can choose which OS to boot.
- GRUB also helps us troubleshoot Operating Systems. For example, you can reset the forgotten root user’s password by logging into the Operating System in single-user mode.
- You can configure the Kernel of any particular Operating System according to your requirement.
GRUB has many such important features. I will publish a dedicated article on this and explain it in depth.
Why do we need to protect GRUB?
As a Linux administrator, it is your responsibility to take care of security.
By protecting the GRUB, you can prevent an unknown person from entering into single-user mode.
Can prevent unwanted/malicious Server/Kernel configurations.
and so on.
I hope you have got a basic idea about GRUB. Let’s get to the topic.
Step #1 Generate GRUB Password for root user
Run the following command to generate GRUB password for the root user.
~]# grub2-setpassword Enter password: Confirm password:
This command generates a hashed password that is stored in the /boot/grub2/user.cfg file.
Note: By default
user.cfg does not exist. If you have previously generated a password using the command
grub2-setpassword then this file will exist, otherwise this command will generate a new file.
~]# cd /boot/grub2/ grub2]# ls device.map fonts grub.cfg grubenv i386-pc user.cfg
You can display the generated password using the
grub2]# cat user.cfg GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.9673E78A74C300135E39EB9CF4093448522D02E6CA8F72B92B9F46FB32C26FF78C6A5B299CB0156CF9F7EAA7AE20CDF374551424CFC8963E929962BD02098076.C14F44BDE163038AD59C7E93296112A777B4DBB1A55606142AB04B67C7AA255DF003E9316163687A4A7533EE4759E9237CB2EEE984A03F85A98A9144FAEE3172
Step #2 Recreate the GRUB2 Configuration file
Because we have implemented some new configuration, we have to recreate the GRUB configuration file.
Run the following command to recreate the GRUB configuration file.
~]# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... done
We have successfully set the grub2 password. Now we have to restart the system to check if the password is set properly.
So run the following command to restart the system.
As soon as you restart the server, you will get the following screen.
Here you will get 5 seconds to interrupt the normal boot process. So quickly press any key to interrupt the boot process.
Now select the highlighted menu and press
e to edit the same.
Note: You can select the menu by using the
down arrow on your Keyword.
As you can see in the following snapshot GRUB is asking us to enter Username and Password while editing entries.
Here you enter root in place of the Username and enter the Password you entered while generating the GRUB password.
After entering the correct username and password, you can edit GRUB.
How to remove GRUB2 password protection
Removing GRUB password protection is easy. Delete the
user.cfg file using the following command. That’s it.
~]# rm /boot/grub2/user.cfg rm: remove regular file '/boot/grub2/user.cfg'? y
I hope you have learned something from this article.
Now I’d like to hear your thoughts.
Was this guide useful to you?
Or maybe you have some queries.
If you know any other method to set GRUB2 password then you can share in the comment box.