10 steps to Password Protect SUSE’s Grub Bootloader

By: ksonnier

January 12, 2006 12:00 am





Applies to:

  • SUSE Linux Professional 9.2-9.3
  • SUSE Linux 10.0
  • Novell Linux Desktop 9
  • SUSE Linux Enterprise Server 9


  1. Log into your box as root
  2. Open up a shell.
  3. At command prompt, become superuser, then type grub:
    • linux:~ # su
      linux:~ # grub

  4. At “grub>” prompt type md5crypt:
    • grub> md5crypt

  5. Enter a password at the Password: prompt, preferably something other than root password:
    • Password: *****

  6. It will then give you the password encrypted
    • Encrypted: $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//

  7. Copy the encrypted password into the clipboard.
  8. Open up a new shell.
  9. At command prompt, become superuser, then type vi /boot/grub/menu.lst
    • linux:~ # su
      linux:~ # vi /boot/grub/menu.lst

  10. After you see title SUSE Linux 10.0 on the next line type lock. On the following line type password md5 [the encrypted password you copied from previous shell]:
  11. ###Don't change this comment YaST2 identifier: Original name: linux###
    title SUSE Linux 10.0
    password md5 $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//
    root (hd0,1)
         kernel /boot/vmlinuz root=/dev/hda2 vga=0x31a selinux=0
    resume=/dev/hda1  splash=silent showopts
         initrd /boot/initrd
Note: ***You may do the above steps for each grub boot item.

For even more protection you may set a BIOS password and disable all other boot options in the BIOS that are not needed.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.