仅 GRUB 菜单编辑保护

Question 1

我刚刚找到了解决方案。我只需要按照以下说明将unrestricted属性添加到文件中的菜单项：/etc/grub.d/10_linuxhttp://daniel-lange.com/archives/75-Securing-the-grub-boot-loader.html

    echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"

编辑时它将保留密码。

Answer

我刚刚找到了解决方案。我只需要按照以下说明将unrestricted属性添加到文件中的菜单项：/etc/grub.d/10_linuxhttp://daniel-lange.com/archives/75-Securing-the-grub-boot-loader.html

    echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"

编辑时它将保留密码。

Question 2

要允许 Grub 在没有密码的情况下启动默认选项，但要求输入密码才能进行其他所有操作，包括编辑选项，请编辑/etc/grub.d/10_linux并找到以下行并menuentry添加，如下所示：--users ''--unrestricted

if [ x$type != xsimple ] ; then
    # ...
    echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} --users '' \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
else
    echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
fi

Answer

要允许 Grub 在没有密码的情况下启动默认选项，但要求输入密码才能进行其他所有操作，包括编辑选项，请编辑/etc/grub.d/10_linux并找到以下行并menuentry添加，如下所示：--users ''--unrestricted

if [ x$type != xsimple ] ; then
    # ...
    echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} --users '' \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
else
    echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
fi

仅 GRUB 菜单编辑保护

答案1

答案2

相关内容