[gentoo-user] grub passwords - how do I limit OS selection?
Hi, I would like to limit OS selection at boot time. The machine has Gentoo and Windows. Gentoo *must* be the booted OS unless a password is entered. I have tried the password feature in grub but it does not implement this feature. It implements changing boot time kernel options, but not OS choice as far as I can tell. I also tried adding the hiddenmenu option in grub but it seems that with hiddenmenu turned on grub never accepts a password. Is there a way to implement what I need? If you can provide an example that would be great. NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Thanks all, Mark -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub passwords - how do I limit OS selection?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Knecht wrote: NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Have windows users, then. Let your son boot it, but not use it. - -- Arturo Buanzo Busleiman - VPN Mail Project - http://vpnmail.buanzo.com.ar Consultor en Seguridad Informatica - http://www.buanzo.com.ar Genetic - A multiplatform Gentoo Portage Frontend - http://genetic.sourceforge.net for f in www blog linux-consulting vpnmail; do firefox http://$f.buanzo.com.ar ; done -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEzM6fAlpOsGhXcE0RAlenAJwOrJIZELZ5LsXsG6ZFJ66ZwAKv4gCffdMW KsZLVSipyMcF+Oo6B/QJwoU= =x5KS -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub passwords - how do I limit OS selection?
On 7/30/06, Arturo 'Buanzo' Busleiman [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Knecht wrote: NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Have windows users, then. Let your son boot it, but not use it. Arturo, Hi. Thanks for the response. Not an acceptable strategy. My son is a Windows user for playing games. I do not want him using Windows when he chooses since the gaming gets in the way of school, as it should for any healthy 14 year old boy. ;-) What I really want is when the machine turns on he gets Linux unless myself or my wife grants him access to Windows. Thanks, Mark -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub passwords - how do I limit OS selection?
Mark Knecht wrote: On 7/30/06, Arturo 'Buanzo' Busleiman [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Knecht wrote: NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Have windows users, then. Let your son boot it, but not use it. Arturo, Hi. Thanks for the response. Not an acceptable strategy. My son is a Windows user for playing games. I do not want him using Windows when he chooses since the gaming gets in the way of school, as it should for any healthy 14 year old boy. ;-) What I really want is when the machine turns on he gets Linux unless myself or my wife grants him access to Windows. Thanks, Mark Hi Mark, Check the official gentoo security guide (docs section). ... 2.b. Password protecting GRUB GRUB supports two different ways of adding password protection to your boot loader. The first uses plain text, while the latter uses md5+salt encryption. ... Haven't used it though. HTH.Rumen smime.p7s Description: S/MIME Cryptographic Signature
Re: [gentoo-user] grub passwords - how do I limit OS selection?
El Domingo, 30 de Julio de 2006 16:09, Mark Knecht escribió: Hi, I would like to limit OS selection at boot time. The machine has Gentoo and Windows. Gentoo *must* be the booted OS unless a password is entered. I have tried the password feature in grub but it does not implement this feature. It implements changing boot time kernel options, but not OS choice as far as I can tell. I also tried adding the hiddenmenu option in grub but it seems that with hiddenmenu turned on grub never accepts a password. Is there a way to implement what I need? If you can provide an example that would be great. NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Thanks all, Mark Grub cant do that. It can protect with passwords the menu entries, to prevent anyone from editing them (to boot with an alternate kernel, from another root, in any other runlevel or stuff like that). But it cant protect -as far as I can tell- the entries one by one. You want to be able to boot into linux at any given momment, and grub to ask you for a password if you hit enter when the Windows entry is selected. If that affirmation is correct, then grub cant do that for what I can tell. I use md5 pass in grub, but it just prevent someone from editing the grub stuff and using a different root or kernel line to boot from. You best bet is to use WinXp, 2k, or any other version of windows that can be hardened a bit. Just put a password in all the windows accounts, and do not give any password to your son. This way, you son will be able to see the Winxp login screen, but he will not be able to enter without a password. If your son is smart enough, anyway, the passwords are nothing (he can always boot from the linux partition, locate the keys, and decipher them with jack or something similar, nt passwords are not hard to beat, and a fast search in the net will reveal all that you need to know to do so). So, in which regards children, the best bet is to cut the physicall access to the box. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub passwords - how do I limit OS selection?
On Sun, Jul 30, 2006 at 07:09:41AM -0700, Mark Knecht wrote: Hi, I would like to limit OS selection at boot time. The machine has Gentoo and Windows. Gentoo *must* be the booted OS unless a password is entered. I have tried the password feature in grub but it does not implement this feature. It implements changing boot time kernel options, but not OS choice as far as I can tell. I also tried adding the hiddenmenu option in grub but it seems that with hiddenmenu turned on grub never accepts a password. Is there a way to implement what I need? If you can provide an example that would be great. NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Thanks all, Mark Mark, Unless I'm reading your needs wrong, I think you need the lock command as well as the password command. http://www.gnu.org/software/grub/manual/grub.html#password http://www.gnu.org/software/grub/manual/grub.html#lock HTH, festus -- Ambition is a poor excuse for not having enough sense to be lazy. pgp8Lzy5W5Aow.pgp Description: PGP signature
Re: [gentoo-user] grub passwords - how do I limit OS selection?
On Sun, Jul 30, 2006 at 04:59:34PM -0400, John J. Foster wrote: On Sun, Jul 30, 2006 at 07:09:41AM -0700, Mark Knecht wrote: Hi, I would like to limit OS selection at boot time. The machine has Gentoo and Windows. Gentoo *must* be the booted OS unless a password is entered. I have tried the password feature in grub but it does not implement this feature. It implements changing boot time kernel options, but not OS choice as far as I can tell. I also tried adding the hiddenmenu option in grub but it seems that with hiddenmenu turned on grub never accepts a password. Is there a way to implement what I need? If you can provide an example that would be great. NOTE: I currently do this be editing the grub file itself but I'm looking for something more sophisticated since I'd like my wife to be able to boot Windows but not my son. Thanks all, Mark Mark, Unless I'm reading your needs wrong, I think you need the lock command as well as the password command. http://www.gnu.org/software/grub/manual/grub.html#password http://www.gnu.org/software/grub/manual/grub.html#lock oops - forgot one http://www.gnu.org/software/grub/manual/grub.html#Security -- Ambition is a poor excuse for not having enough sense to be lazy. pgpCHHFd6Vngo.pgp Description: PGP signature
Re: [gentoo-user] grub passwords - how do I limit OS selection?
Mark Knecht wrote: My son is a Windows user for playing games. I do not want him using Windows when he chooses since the gaming gets in the way of school, as it should for any healthy 14 year old boy. ;-) If you're using an NT-based version of windows (NT4, 2000, XP, or one of those fancy Vista previews), you can use the Administrator account (or any user with admin rights, e.g. your wife) to disable your son's account when he isn't allowed to be gaming. Or, change his password to something of your choice, and type it in for him when he is allowed to play, same as you would at the GRUB prompt. And if you're using a Windows NT4, I hope for your sake it doesn't have network drivers installed. :) What I really want is when the machine turns on he gets Linux unless myself or my wife grants him access to Windows. How's your C? ;) HTH. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub passwords - how do I limit OS selection?
On 7/30/06, Rumen Yotov [EMAIL PROTECTED] wrote: Hi Mark, Check the official gentoo security guide (docs section). ... 2.b. Password protecting GRUB GRUB supports two different ways of adding password protection to your boot loader. The first uses plain text, while the latter uses md5+salt encryption. ... Haven't used it though. HTH.Rumen Rumen, Thanks, but they are just two versions of what I've already tried. That password protection, as shown in the Gentoo Security Guide, only password protects changing the way you boot each option. As shown in the guide it does not protect which version you are allowed to boot. Cheers, Mark -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub passwords - how do I limit OS selection?
On Sun, Jul 30, 2006 at 04:49:42PM -0700, Mark Knecht wrote: On 7/30/06, John J. Foster [EMAIL PROTECTED] wrote: Thanks very much. It's a great solution for what I need. It does limit the use of Windows, which is what I wanted, until the password is typed in. Once typed in it also seems to allow changing the boot time options on Linux, but in my son's case I'm not the least bit worried he's going to try anything there. Mark - from http://www.gnu.org/software/grub/manual/grub.html#Security You can also use the command password instead of lock. In this case the boot process will ask for the password and stop if it was entered incorrectly. Since the password takes its own PASSWORD argument this is useful if you want different passwords for different entries. -- Ambition is a poor excuse for not having enough sense to be lazy. pgpm43yLTnm3Z.pgp Description: PGP signature
Re: [gentoo-user] grub passwords - how do I limit OS selection?
On 7/30/06, John J. Foster [EMAIL PROTECTED] wrote: On Sun, Jul 30, 2006 at 04:49:42PM -0700, Mark Knecht wrote: On 7/30/06, John J. Foster [EMAIL PROTECTED] wrote: Thanks very much. It's a great solution for what I need. It does limit the use of Windows, which is what I wanted, until the password is typed in. Once typed in it also seems to allow changing the boot time options on Linux, but in my son's case I'm not the least bit worried he's going to try anything there. Mark - from http://www.gnu.org/software/grub/manual/grub.html#Security You can also use the command password instead of lock. In this case the boot process will ask for the password and stop if it was entered incorrectly. Since the password takes its own PASSWORD argument this is useful if you want different passwords for different entries. Festus, Thanks. Even better! Cheers, Mark -- gentoo-user@gentoo.org mailing list