Grub is the reference implementation of the Free Software Foundation’s Multi-boot Specification, which provides a user the choice to boot one of multiple operating systems installed on a computer or select a specific kernel configuration available on a particular operating system’s partitions.
Using Grub without password means any person with knowledge of grub and Linux can have unauthorized access to the your Linux system by passing some parameters at Grub menu,(pressing letter ‘e’ then few modifications ). To prevent this,you’ll have to create a user for Grub and generate encrypted password to associate. This tutorial is for CentOS and all Redhat Linux derivatives. we have another article on How to protect grub with password on Debian, Ubuntu and Kali Linux
Before editing ‘/etc/grub.d/10_linux’ file, it’s highly recommended to do a backup of both grub.cfg and 10_linux,
Backup grub.cfg file;
# cd /boot/grub2/ # cp grub.cfg grub.cfg.backup
Then backup 10_linux by;
# cd /etc/grub.d/ # cp 10_linux 10_linux.backup
To get grub password to use, generate grub encrypted password by typing following command on your terminal
# grub2-mkpasswd-pbkdf2
Then enter password Twice
After generating Grub encrypted password, open ‘/etc/grub.d/10_linux’ the file then add the below following lines at the end of the file.
# vi /etc/grub.d/10_linux
Then press G to get to last line.Press letter i or insert key and paste your contents at the end.
cat <<EOF set superusers=”Koromicha” Password_pbkdf2 Koromicha 'Paste Generated_encrypted_password' EOF
Replace Koromicha with the username you want to use on grub menu for login.
Save and quit by pressing ESC key then:
:wq
See screenshot below for visual details:
That’s all. Reboot your computer and you’ll see username prompt at the grub menu. Press e to login and enter your username and password.
