The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.

3.2.2 Configuring a GRUB Password

If a system is not kept in a locked data center, and as an alternative to using any password protection mechanism built into the BIOS, you can add a degree of protection to the system by requiring a valid password be provided to the GRUB boot loader.

Note

Password protecting GRUB access prevents unauthorized users from entering single user mode and changing settings at boot time. It does not prevent someone from accessing data on the hard drive by booting into an operating system from a memory stick, or physically removing the drive to read its contents on another system.

To configure a GRUB password:

  1. Use the following command to generate the MD5 hash of your password: 

    # /sbin/grub-md5-crypt
Password: clydenw
Retype password: clydenw
$1$qhqh.1$7MQxS6GHg4IlOFMdnDx9S.

  2. Edit /boot/grub/grub.conf, and add a password entry below the timeout entry near the top of the file, for example: 

    timeout=5
password --md5 pwhash

    where pwhash is the hash value that grub-md5-crypt returned.

  3. If GRUB has been configured to boot multiple operating systems on the same machine, add a lock entry to after the title entry for each operating system, for example: 

    title Windows
lock

When you reboot the machine, you must press P and enter the GRUB password before you can access the GRUB command interface.

Copyright © 2013, 2021, Oracle and/or its affiliates. Legal Notices