10 steps to Password Protect SUSE's Grub Bootloader


Applies to:

  • SUSE Linux Professional 9.2-9.3
  • SUSE Linux 10.0
  • Novell Linux Desktop 9
  • SUSE Linux Enterprise Server 9


  1. Log into your box as root
  2. Open up a shell.
  3. At command prompt, become superuser, then type grub:
    • linux:~ # su
      linux:~ # grub

  4. At “grub>” prompt type md5crypt:
    • grub> md5crypt

  5. Enter a password at the Password: prompt, preferably something other than root password:
    • Password: *****

  6. It will then give you the password encrypted
    • Encrypted: $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//

  7. Copy the encrypted password into the clipboard.
  8. Open up a new shell.
  9. At command prompt, become superuser, then type vi /boot/grub/menu.lst
    • linux:~ # su
      linux:~ # vi /boot/grub/menu.lst

  10. After you see title SUSE Linux 10.0 on the next line type lock. On the following line type password md5 [the encrypted password you copied from previous shell]:
  11. ###Don't change this comment YaST2 identifier: Original name: linux###
    title SUSE Linux 10.0
    password md5 $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//
    root (hd0,1)
         kernel /boot/vmlinuz root=/dev/hda2 vga=0x31a selinux=0
    resume=/dev/hda1  splash=silent showopts
         initrd /boot/initrd
Note: ***You may do the above steps for each grub boot item.

For even more protection you may set a BIOS password and disable all other boot options in the BIOS that are not needed.

(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet