How To Set Grub Password In Rhel 7

In my terminal article I shared the steps to protect GRUB2 from booting a kernel without password, now in this commodity I will share the steps to fix GRUB2 password for protecting the grub2 file on RHEL / CentOS 7. So that non-authorised users cannot modify the grub entry at the boot loader stage.

set up root password using grub2 setpassword rhel7

But before we start you must know GRUB2 offers two types of password protection:

Countersign is required for modifying menu entriesonly not for booting existing bill of fare entries;
Countersign is required for modifying menu entries and for booting i, several, or all carte du jour entries.

Then there are two definitions when we talk nigh set GRUB2 countersign in Linux. Earlier this was achieved usinggrub2-mkpasswd-pbkdf2 but starting with RHEL 7.2 the recommended tool to set GRUB2 countersign is past usinggrub2-setpassword.

How GRUB2 protection works?

You tin cheque/etc/grub.d/01_users file which will have beneath content

#!/bin/sh -e cat << EOF if [ -f ${prefix}/user.cfg ]; and then   source ${prefix}/user.cfg   if [ -due north "${GRUB2_PASSWORD}" ]; then     set superusers="root"     export superusers     password_pbkdf2 root ${GRUB2_PASSWORD}   fi fi EOF

and the same will be available inside/boot/grub2/grub.cfg

### Begin /etc/grub.d/01_users ### if [ -f ${prefix}/user.cfg ]; then   source ${prefix}/user.cfg   if [ -due north "${GRUB2_PASSWORD}" ]; then     set superusers="root"     export superusers     password_pbkdf2 root ${GRUB2_PASSWORD}   fi fi ### END /etc/grub.d/01_users ###

So basically here the chow checks for/boot/grub2/user.cfg to become the GRUB2_PASSWORD and if found it will set the respective password for the provided superuser which here is root. The same password is then assigned using password_pbkdf2

Steps to gear up GRUB2 password

First of all create a password usinggrub2-setpassword and root user.

          # grub2-setpassword          Enter password: Ostend password:

This control will create (if already not existing) or update the content of/boot/grub2/user.cfg with the hash password

# cat /kick/grub2/user.cfg          GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.BB05A464F1E8C1AFC62CAE808679084D07B2DB9635934A8B7640BF84329455114E36001854108B7080D0A8A6335CBCBBA3E7B86BDF7468F307EE4EEFDCC294E2.CED195B269E2C60A94B5C61EFCF6B610383C306D5313CDB65DBE8063C7B8BDB1E571BD4661D398A7626878BF6055435658741D804F01A8E679DC69E8510B72A0

IMPORTANT Note:

You do non demand to rebuild your initramfs since the grub2.cfg already contains all the required part to bank check for grub password during boot loader phase.

Proceed with the reboot of your Linux node to validate your changes. When you go the splash screen with the grub bill of fare, press e to edit the highlighted kernel

set grub2 password remove grub2 password in rhel 7

Information technology will prompt you for username and password. hither the username is root and the countersign volition the 1 you lot used with grub2-setpassword

How to set GRUB2 password using grub2-setpassword (RHEL / CentOS 7)

If the entries match and then you will get the grub2.cfg content for editing purpose.

Steps to remove GRUB2 password

To remove GRUB2 password yous must delete the/boot/grub2/user.cfg file or clear the content of this file. And then when there is no GRUB2_PASSWORD defined, and so the kernel will not prompt for 1 when some attempts to edit the chow bill of fare.

So let us remove the user.cfg file containing GRUB2_PASSWORD

# rm -f /kicking/grub2/user.cfg

IMPORTANT NOTE:

You do not need to rebuild your initramfs since the grub2.cfg already contains all the required function to check for grub password during boot loader stage.

Now reboot your system to validate the changes.

Lastly I promise the steps from the article to fix GRUB2 countersign and remove GRUB2 password in RHEL / CentOS vii Linux was helpful. Then, let me know your suggestions and feedback using the annotate section.