6

I have set Grub2 password following this thread. It works fine but now it prompts for username and password every time I start or restart my computer. It's actually the first thing it does.

Now, if the Grub config files get corrupted for some reason, I'm basically locked out of accessing anything. What I want is to have options, to be able to access my desktop and edit the config files without being Grub blocked, in case something goes wrong, but still have a password prompt when pressing shift key to access Grub menu.

This is how my 40_custom file looks like:

#!/bin/sh
exec tail -n +3 $0
set superusers="xxx"
password_pbkdf2 xxx hashed_password

I also looked into this thread where a similar question was asked and answered but the method was slightly different and it was for older versions of Ubuntu. I would gladly try out the solutions but I really don't want to mess things up and lock myself out.

So is there a safe way to achieve this? Would editing /etc/grub.d/10_linux suffice?

Thanks for your answers in advance.

UPDATE:

So I decided to try out the solution above and it worked but not without slight adjustments. I modified the /etc/grub.d/10_linux, added --unrestricted to the line 132:

echo "menuentry '$(echo "$os" | grub_quote)' --unrestricted ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"

Note that you shouldn't make any changes to the line 130 above that says '$(echo "$title" | grub_quote)' or you won't be able to access Grub menu by pressing shift key from the boot. At least I was not able to.

After running sudo update-grub and restarting it will go straight past Grub, giving the desired effect. On the other hand, if the Grub menu is called upon, it will show the menu but whenever trying to hit any of the advanced options, including console and edit, it will prompt for username and password.

Hopefully, this will help someone in the same situation.

Community
  • 1
user633551
  • 476
  • 1
    http://superuser.com/questions/1001810/grub-menu-edit-protection-only ? – muru Feb 02 '17 at 12:52
  • When I did that and updated grub, I heard a very weird sound from my computer and also this message Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported. although it went through it seems. However, now I'm hesitant to restart. Any advice? – user633551 Feb 02 '17 at 16:04
  • @user633551: please add your update as the answer. I did the same on 16.04.2 LTS and it worked. Thanks a ton! – Ubuntuser Jun 20 '17 at 12:45

1 Answers1

0

I appreciate you self-answering this, you saved me a lot of work. I don't have enough reputation to add a comment but I wanted to share a sed command I used to make this change.

Also MAKE SURE TO BACK UP THE GRUB.D DIRECTORY FIRST. Learn from my mistake, in my testing I ended up somehow adding --unrestricted to every line haha. Luckily I had another install I could copy the original file from.

# backup original grub.d folder
cp -a /etc/grub.d .
# add --unrestricted to line matching $os, and backup original file to 10_linux.bak
sed -i.bak "/\$os/s/grub_quote)'/grub_quote)' --unrestricted/" /etc/grub.d/10_linux
# compare changes
diff /etc/grub.d/10_linux{,.bak}
JoelG
  • 1