1
00:00:00,000 --> 00:00:11,400
So there are two types of passwords that you can set, and that's the password for modifications

2
00:00:11,400 --> 00:00:17,680
or the password for booting. On RHEL and related, you can use GRUB2.setPassword, and that will

3
00:00:17,680 --> 00:00:24,879
create a file with the name boot.grub2.user.cfg which contains username and password. And

4
00:00:24,879 --> 00:00:31,040
after a reboot to make changes, the user will be prompted for a password. On Ubuntu, it's

5
00:00:31,040 --> 00:00:39,439
a little bit different. You need the GRUB mkpasswd pbkdf2 to generate a hashed password.

6
00:00:39,439 --> 00:00:45,959
And the password starts with grub.pbkdf2, and you need to copy all of that. Next in

7
00:00:45,959 --> 00:00:54,220
the etc.grub.d directory, you create a file with the name 00__header file. And there,

8
00:00:54,220 --> 00:01:00,580
the contents is first set superusers is student. That's the username that is required. And

9
00:01:00,580 --> 00:01:08,860
next, you use password pbkdf2 student followed by the password that you have just generated.

10
00:01:08,860 --> 00:01:13,260
And now you need to update GRUB. And the next time, you restart the system, and you need

11
00:01:13,260 --> 00:01:20,500
to add the username as well as the password when you are prompting. Let me show you. So

12
00:01:20,540 --> 00:01:29,779
for this demo, I'm going for the CentOS approach. Anyway, Linux Plus unofficially is for Ubuntu

13
00:01:29,779 --> 00:01:34,779
as well as Red Hat family. But you will notice that the emphasis is a little bit more on the

14
00:01:34,779 --> 00:01:40,580
Red Hat family. So if ever you need to guess what am I going to study for, better make sure

15
00:01:40,580 --> 00:01:47,379
that you are super comfortable with the Red Hat stuff. So GRUB2 set password is asking me to

16
00:01:47,379 --> 00:01:54,739
enter a password. Let me enter my very secure password. There we go. And then I'm going to

17
00:01:54,739 --> 00:02:01,820
use a reboot. Here's my GRUB boot menu. And there, it's entering a username. Oh, what is my

18
00:02:01,820 --> 00:02:08,220
username? Root followed by the password. And there we have access to the GRUB boot

19
00:02:08,259 --> 00:02:14,059
interface. I never specified the username. That is correct. And let me show you what is going on

20
00:02:14,059 --> 00:02:19,860
behind the scenes so that you understand a little bit more about this. So I'm back in my root cell.

21
00:02:19,860 --> 00:02:27,339
And in this root cell, let's explore boot GRUB2. And in boot GRUB2, you can find the user.cfg.

22
00:02:27,380 --> 00:02:33,100
And this user.cfg, that is what it is all about. So the funny thing is that we have the GRUB

23
00:02:33,100 --> 00:02:39,139
password and this GRUB password by default is set for the root user. So that is how it works and

24
00:02:39,139 --> 00:02:42,580
how you can secure your system with GRUB boot password.