On Sat, 12 Jan 2008, Tim wrote: > On Fri, 2008-01-11 at 16:42 -0500, Robert P. J. Day wrote: > > but here's something i just noticed that strikes me as weird -- if you > > have a grub password, you'll need to enter it to edit the boot line, > > but you *don't* need it to simply make a non-default selection. i > > *think* i've just verified that, but if someone else wants to confirm > > it, feel free. that seems like a security hole. > > If you want password protected menu items, you must put password > commands into those stanzas. Either a "lock" command so you enter > the password previously set. Or a password command to have > individual passwords for different menu items. > > I do that for some of them (e.g. I have "boot from floppy" menu > options, and "begrudgingly boot ye olde Windows," that I protect > against), but leave other things fine (e.g. memtest can be run, > different kernels for this Linux can be run, and I have a halt entry > to turn off the box without having to hang onto the power button - > useful if you accidentally rebooted instead of shutdown). yes, i noticed that upon further reading of the grub docs. for some reason, i always thought you needed to enter the global grub password if you tried to do *anything* out of the ordinary other than just let the system boot with the default grub entry. i didn't realize that you could still select a different grub entry without needing that password. learn something every day, as they say. rday -- ======================================================================== Robert P. J. Day Linux Consulting, Training and Annoying Kernel Pedantry Waterloo, Ontario, CANADA Home page: http://crashcourse.ca Fedora Cookbook: http://crashcourse.ca/wiki/index.php/Fedora_Cookbook ========================================================================
