Re: Re: Help required

Thx Tim, your method is too good for securing the data. But I have some doubts, which are as follows:

As you mentioned, I did, but frankly speaking, I am a new user, so I am facing many problems. The issues are as follows:

1. I edited the grub.conf file by adding this line to it:

password --md5 $xxx/

just above the first title section and below the 'hiddenmenu' line (where xxx = encrypted password).

But is this the encrypted password of the general user that I log in with in the Fedora system? And not the root ever?

2. When we get the encrypted password while typing the command 'md5crypt' in the grub shell, where is this saved? I mean, if at all after closing we want to see this encrypted password, where to see it? And does typing the 'md5crypt' command in the grub shell each time overwrite the previous password?

3. If we even encrypt the password of the root, is the method the same? If yes, how to enter the username 'root' so that the sys. understands this is the encrypted password of 'root' only?

4. as you say:

"And then.... if you want different passwords for different menu items,
put the password line within the different title sections of the
grub.conf file, instead of having one password line above all of them.",

Does this mean that each encrypted password is to be obtained from the grub shell only, by typing that particular password? And where is it saved?

Thanks man.

regards,
pallav

*************************************************************************************************
************************************************************************************************

As has been mentioned before, "/etc/grub.conf", "/boot/grub/grub.conf"
and "/boot/grub/menu.lst" are all the same thing.  One is the actual
file, the others are links to it.  You can work on any of them, it works
the same.

If you're trying to put an encrypted password into GRUB, so that only an
authorised person can do something with it, then follow the steps on the
page, carefully.

Open a shell, switch to being the root user by using the "su -" command,
type in the root user password, and hit enter.  You'll need to be root
to use grub.

Type in the "grub" command, and hit enter.  Now you're in the grub
shell, instead of the bash shell.  The commands you type, from now on,
are grub commands.

Type in the "md5crypt" command, and hit enter.  Now you type in the
password that you want to use, and hit enter.  It'll spit back a string
of characters that is the encrypted version of your password.  It's this
string of characters you'll put into your grub.conf file.  Don't use the
string of characters that the web page shows as an example.

In your grub.conf file, before the first title sections, you'll put in
the password next to the "password --md5" instruction, like I've done
below.  The "--md5" bit of the command line details the type of
encryption that was used with the password.

 #boot=/dev/sda
 default=0
 timeout=5
 splashimage=(hd0,0)/grub/splash.xpm.gz

 password --md5 $1vcvbhnjmk,l;;lbvcdC.

 title Fedora

Now, with that in place, only someone who knows the password can press
the "e" key in the grub boot screen to temporarily change how the
computer will boot.  All they can do is pick from the choices in the
menu.  If they attempt to use the "e" (edit) function, they'll be asked
to type in the password.

On top of that, if you wish to lock out some of the menu choices, so
that only someone with the password can use them, then simply put the
"lock" instruction directly under the title line.  Like this:

 title Boot from floppy disk drive
   lock
   rootnoverify (fd0)
   chainloader +1

And then.... if you want different passwords for different menu items,
put the password line within the different title sections of the
grub.conf file, instead of having one password line above all of them.

 title WinXP
   password --md5 $1iuyfd56tghjhgC.
   lock
   rootnoverify (hd0,0)
   chainloader +1

 title Boot from floppy disk drive
   password --md5 $1vcvbhnjmk,l;;lbvcdC.
   lock
   rootnoverify (fd0)
   chainloader +1

If you're going to lock up the booting choices to stop people fiddling
with your PC, then you'll also want to change the BIOS settings, so that
someone can't simply boot from a CD or floppy, and bypass your grub.

Go into your BIOS, change the boot options so that your hard drive is
the only device that can be booted from, set a password on the BIOS,
save the settings and exit.

Now someone who wants to mess with your computer will have to open up
the case and yank out the drive or the BIOS clock battery, or reset the
BIOS.  That's going to be difficult to do without someone seeing them do
it.


--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
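
The placement rules described in the message above (a global "password --md5" line before the first title, and "lock" or a per-entry password directly under the title line) can be checked mechanically. The following is an added example, not part of the original posts or of GRUB itself; the audit() function, the sample file and its placeholder hash strings are constructed for illustration, and treating "lock" with no password anywhere as a finding is an assumption based on GRUB legacy's documented behaviour.

```python
# Added example: audit a GRUB legacy grub.conf for password/lock placement.
# Constructed sample; the hash strings are placeholders, not md5crypt output.
SAMPLE = """\
hiddenmenu
password --md5 $1$PLACEHOLDER$GLOBALxxxxxxxxxxxxxxxx
title Fedora
    root (hd0,0)
title WinXP
    password --md5 $1$PLACEHOLDER$ENTRYxxxxxxxxxxxxxxxxx
    lock
    rootnoverify (hd0,0)
    chainloader +1
title Boot from floppy disk drive
    rootnoverify (fd0)
    lock
    chainloader +1
"""

def audit(text):
    """Return a list of findings about password and lock usage."""
    glob, entries, cur = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.split()[0] == "title":
            cur = (line[5:].strip(), [])      # (title text, commands under it)
            entries.append(cur)
        else:
            (cur[1] if cur else glob).append(line.split())
    g_pw = [c for c in glob if c[0] == "password"]
    out = []
    if not g_pw:
        out.append("no global password: the 'e' edit key is unprotected")
    elif not any("--md5" in c for c in g_pw):
        out.append("global password is plain text (no --md5)")
    for title, cmds in entries:
        names = [c[0] for c in cmds]
        guarded = "lock" in names or "password" in names
        # Commands placed before lock/password are not covered by the guard.
        if guarded and names[0] not in ("lock", "password"):
            out.append(f"{title}: lock/password is not directly under title")
        if "lock" in names and "password" not in names and not g_pw:
            out.append(f"{title}: lock used but no password is set")
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real system, run it as root on the contents of /boot/grub/grub.conf instead of SAMPLE.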
