Workaround (avoiding plain-text passwords in /etc/grub.d) For those who cannot be bothered with a PPA repository for grub2, and want to let users set their own bootup passwords and/or have users who don't want to divulge their bootup password to the system administrator ...
Remembering that the usual bash shell constructs work, one can do something similar to this, within 00_header ----- password nick $(gpg --decrypt --no-mdc-warning --batch --no-tty --no-use-agent --quiet --passphrase-file /etc/grub.d/pass.txt /home/nick/nick.pwd.gpg) ----- Repeat for other users authorised to set their own passwords. Put the attached script in /usr/local/bin for users to set their own passwords. And you need to generate /etc/grub.d/pass.txt as the unrotated passphrase (or make alternative arrangements). Limitations: 1. The passphrase used to drive GPG could be hidden a bit better 2. You will still get a clear-text copy of the users' passwords in /boot/grub/grub.cfg, when you run update-grub, make sure it is generated with permissions -r-------- (600, in favour of root:root). ** Attachment added: "Script for users to set their own boot-time passwords (passphrase changed)" https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/392158/+attachment/2585110/+files/SetBootPassword -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/392158 Title: passwords are awkward to use with grub-mkconfig To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/392158/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
