On Wed, 2010-06-09 at 22:13 +0530, Pallav Jain wrote: > But as listed at the url: > > http://www.fedoraguide.info/index.php?title=Main_Page#How_to_disable_all_interactive_editing_control_for_GRUB_menu > > Nowhere are being seen the following contents: > > ## password ['--md5'] passwd > # If used in the first section of a menu file, disable all interactive editing > # control (menu entry editor and command-line) and entries protected by the > # command 'lock' > > which should be in '/boot/grub/menu.lst' As has been mentioned before, "/etc/grub.conf" "/boot/grub/grub.conf" and "/boot/grub/menu.lst" are all the same thing. One is the actual file, the others are links to it. You can work on any of them, it works the same. If you're trying to put an encrypted password into GRUB, so that only an authorised person can do something with it, then follow the steps on the page, carefully. Open a shell, switch to being the root user by using the "su -" command, type in the root user password, and hit enter. You'll need to be root to use grub. Type in the "grub" command, and hit enter. Now you're in the grub shell, instead of the bash shell. The commands you type, from now on, are grub commands. Type in the "md5crypt" command, and hit enter. Now you type in the password that you want to use, and hit enter. It'll spit back a string of characters that is the encrypted version of your password. It's this string of characters you'll put into your grub.conf file. Don't use the string of characters that the web page shows as an example. In your grub.conf file, before the first title sections, you'll put in the password next to the "password --md5" instruction, like I've done below. The "--md5" bit of the command line details the type of encryption that was used with the password. #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz password --md5 $1vcvbhnjmk,l;;lbvcdC. title Fedora Now, with that in place, only someone who knows the password can press the "e" key in the grub boot screen to temporarily change how the computer will boot. All they can do is pick from the choices in the menu. If they attempt to use the "e" (edit) function, they'll be asked to type in the password. On top of that, if you wish to lock out some of the menu choices, so that only someone with the password can use them, then simply put the "lock" instruction directly under the title line. Like this: title Boot from floppy disk drive lock rootnoverify (fd0) chainloader +1 And then.... if you want different passwords for different menu items, put the password line within the different title sections of the grub.conf file, instead of having one password line above all of them. title WinXP password --md5 $1iuyfd56tghjhgC. lock rootnoverify (hd0,0) chainloader +1 title Boot from floppy disk drive password --md5 $1vcvbhnjmk,l;;lbvcdC. lock rootnoverify (fd0) chainloader +1 If you're going to lock up the booting choices to stop people fiddling with your PC, then you'll also want to change the BIOS settings, so that someone can't simply boot from a CD or floppy, and bypass your grub. Go into your BIOS, change the boot options so that your hard drive is the only device that can be booted from, set a password on the BIOS, save the settings and exit. Now someone who wants to mess with your computer will have to open up the case and yank out the drive or the BIOS clock battery, or reset the BIOS. That's going to be difficult to do without someone seeing them do it. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines