2

Using this guide I am attempting to add a bootloader password to a CentOS7 install.

When prompted, enter the password that was selected and insert the returned password hash into the appropriate grub2 configuration file(s) under /etc/grub.d immediately after the superuser account. (Use the output from grub2-mkpasswd-pbkdf2 as the value of password-hash):

I've created the "superusers-accountpassword-hash" using grub2-mkpasswd-pbkdf2, but am not seeing where to add this line:

password_pbkdf2 superusers-accountpassword-hash

The only files in /etc/grub.d/ are binaries. The guide says not to use /etc/grub.cfg since this is overwritten by grub2-mkconfig -o /boot/grub2/grub.cfg

Where does the password_pbkdf2 directive go?

a coder
  • 789
  • 4
  • 20
  • 38

1 Answers1

1

You need to create /etc/grub.d/01_users file and place the info in there. This typically is created when GRUB boot loader password is used in a kickstart template but must be made manually otherwise.

Source:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html

wilbo
  • 84
  • 2