On Sun, Mar 04, 2007 at 09:45:22AM -0500, Chuck Anderson wrote:
> On Sun, Mar 04, 2007 at 03:00:05PM +0100, Enrico Scholz wrote:
> > > tested this in fedora for some months, but last I checked, runlevel 1
> > > dropped the user directly in a root shell.
> > >
> > > Runlevel 3 is at least as safe as runlevel 5 and could be used with no
> > > security implications.
> >
> > As long as Grub and the BIOS are not protected with a password by
> > default, we do not need to discuss this....
>
> Does grub have a "secure" flag you can put in a stanza to require grub
> to prompt for a password? That would solve the security concern.
Answering myself:
-- Command: lock
Prevent normal users from executing arbitrary menu entries. You
must use the command `password' if you really want this command to
be useful (*note password::).
This command is used in a menu, as shown in this example:
title This entry is too dangerous to be executed by normal users
lock
root (hd0,a)
kernel /no-security-os
See also *Note Security::.
under *Note Security*:
Also, you can specify an optional argument to `password'. See this
example:
password PASSWORD /boot/grub/menu-admin.lst
In this case, GRUB will load `/boot/grub/menu-admin.lst' as a
configuration file when you enter the valid password.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
