Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual page 410

(/grub/stage1 (hd0,3)). This is a slightly esoteric configuration, but it is
known to work in many cases. stage2 should be loaded to the memory address
0x8000 (/grub/stage2 0x8000). The last entry
((hd0,4)/grub/menu.lst) tells GRUB where to look for the menu file.
21.2.4 Setting a Boot Password
Even before the operating system is booted, GRUB enables access to file systems. Users
without root permissions can access files in your Linux system to which they have no
access once the system is booted. To block this kind of access or prevent users from
booting certain operating systems, set a boot password.
IMPORTANT: Boot Password and Splash Screen
If you use a boot password for GRUB, the usual splash screen is not displayed.
As the user root, proceed as follows to set a boot password:
1 At the root prompt, encrypt the password using grub-md5-crypt:
2 Paste the encrypted string into the global section of the file menu.lst:
3 To prevent one or several operating systems from being booted from the boot
410 Installation and Administration
# grub-md5-crypt
Password: ****
Retype password: ****
Encrypted: $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
Now GRUB commands can only be executed at the boot prompt after pressing
and entering the password. However, users can still boot all operating systems
P
from the boot menu.
menu, add the entry lock to every section in menu.lst that should not be
bootable without entering a password. For example:
title linux
kernel (hd0,4)/vmlinuz root=/dev/hda7 vga=791