Password-protect grub interactive commands

Milan nalimilan at
Sat Nov 10 15:56:14 UTC 2007

The issue for now is clear: you can't let your, say, laptop to anybody
for an hour or even less without risking ha may easily get root access
and maybe change your password or modify your system. It can simply be
used to read "confidential" files, like personal mail, not like military
secret but just private. Ubuntu is almost inviting you to do this by
simply rebooting and choosing "Recovery", without any restriction (you
need to know ho to use the very basics of console).

OTOH, inserting a LiveCD is almost as simple, and we can't prevent it.
Still, it's more complex to do. 1) The person must have the CD here by
hand, it may take time to get it 2) He must browse the system disks to
find the data ha wants, use a chroot to change passwords (much more
complex, only quite advanced users can do that) 3) This is a slightly
different pace, since the "attacker" must use an external software/disc
to do that, as opposed to the "included" Recovery mode. Using a CD is
clearly choosing to attack the computer.

Anyway, you have to secure your BIOS if you want a reasonably secured
computer. But locking GRUB would help the user to go this way if he
wants to.

Now what are the drawbacks of asking for a password in GRUB? The only I
can see is if you've lost your root/admin user password, or you have to
work on a system in which you don't have any password though you have
the authorization/request to administrate it. In this case, I think
requiring the admin to use a LiveCD in not abusive.

All in all, I'd rather suggest to activate password-locked GRUB, but I
understand this question is hard to decide. Does anybody see other
agruments on both sides?


More information about the Ubuntu-devel-discuss mailing list