GRUB锁定密码
2025/1/19...大约 2 分钟
GRUB锁定密码
该方法用于设置一个无法修改的用户密码:即使已经拥有 root 权限并且修改了密码,重启设备后密码也会自动恢复。
修改如下文件
L79-L88
[root@ubuntu grub2]# cat grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
# Pause long output one screen at a time.
set pager=1
# Load persisted variables from the environment block, but only when
# $prefix/grubenv exists and is non-empty (-s).
# NOTE(review): next_entry, saved_entry and prev_saved_entry used below are
# presumably populated from that block, so whoever can write grubenv can
# steer which entry becomes the default. Confirm it is covered by the same
# integrity monitoring as this file.
if [ -s $prefix/grubenv ]; then
  load_env
fi
# A pending one-shot selection wins: use it as the default, then clear it
# and persist the cleared value so it applies to this boot only.
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   # No one-shot request: fall back to the remembered entry.
   set default="${saved_entry}"
fi
# Pass --id to menuentry only when this GRUB build reports support for it
# (feature_menuentry_id = y); otherwise pass an empty option.
if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi
export menuentry_id_option
# Roll back to a previously saved entry: copy prev_saved_entry into
# saved_entry, persist both, and set boot_once so that savedefault (which
# checks boot_once) leaves saved_entry alone on this boot.
if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi
# Remember the entry being booted as the future default.
# Does nothing when boot_once is set, i.e. when the top-level code of this
# file marked the current boot as a one-shot selection.
# NOTE: none of the menu entries visible in this listing call it.
function savedefault {
  if [ -z "${boot_once}" ]; then
    # chosen is GRUB's variable for the currently selected entry.
    saved_entry="${chosen}"
    # Write it to the environment block so it is still there after a reboot.
    save_env saved_entry
  fi
}
# Load GRUB's video drivers. Called at the start of every menu entry in
# this file.
function load_video {
  # Builds that report feature_all_video_module = y ship one umbrella module.
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    # Otherwise load each video backend individually.
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}
# Send GRUB's output to the platform console.
terminal_output console
# Show the menu for 5 seconds before booting the default entry. What a
# person at the console may do in that window (boot only, or also edit
# entries and open the command line) is decided by superusers and the
# --unrestricted flags elsewhere in this file, not here.
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/00_tuned ###
# Variables emitted by the 00_tuned template; both are empty here.
# NOTE: neither is referenced by the menu entries visible in this listing.
set tuned_params=""
set tuned_initrd=""
### END /etc/grub.d/00_tuned ###
### BEGIN /etc/grub.d/01_users ###
# GRUB menu authentication. The credential is not stored in this file: it
# is read from user.cfg in GRUB's prefix directory, which is expected to
# define GRUB2_PASSWORD as a PBKDF2 hash (the form password_pbkdf2 takes).
# NOTE(review): this block fails open. If user.cfg is absent or leaves
# GRUB2_PASSWORD empty, superusers is never set and GRUB asks for no
# password at all. Whoever can write user.cfg or this file controls the
# boot-time credential, so both belong under file-integrity monitoring and
# should be readable and writable by root only.
if [ -f ${prefix}/user.cfg ]; then
  # source runs user.cfg as GRUB script, so every command in it executes at
  # boot, not only a GRUB2_PASSWORD assignment.
  source ${prefix}/user.cfg
  if [ -n "${GRUB2_PASSWORD}" ]; then
    # Once superusers is set, editing a menu entry or opening the GRUB
    # command line requires authenticating as "root". Entries marked
    # --unrestricted can still be booted without a password.
    set superusers="root"
    export superusers
    # Register the hash for GRUB user "root". This is a bootloader account,
    # separate from the operating system's root account.
    password_pbkdf2 root ${GRUB2_PASSWORD}
  fi
fi
### END /etc/grub.d/01_users ###
### BEGIN /etc/grub.d/10_linux ###
# Boot entry for kernel 5.4.119-19-0006.
# --unrestricted: anyone at the console may boot this entry without
# authenticating, even when superusers is set. Editing the entry or opening
# the GRUB command line is what then requires the superuser password.
menuentry 'CentOS Linux (5.4.119-19-0006) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-5.4.119-19-0006-advanced-a96bb1f6-5e36-4743-8e86-8d3810f5ba85' {
	load_video
	set gfxpayload=keep
	# Modules for gzip-compressed files, MS-DOS partition tables and
	# ext2-family filesystems.
	insmod gzio
	insmod part_msdos
	insmod ext2
	# Initial boot device; search below re-points root at the filesystem with
	# the given UUID. The --hint arguments only say where to look first.
	set root='hd0,msdos2'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2'  cb7790e2-0c09-42e6-88eb-987694de829b
	else
	  search --no-floppy --fs-uuid --set=root cb7790e2-0c09-42e6-88eb-987694de829b
	fi
	# Kernel image and its command line; root= selects the root filesystem
	# by UUID.
	# NOTE(review): every argument on this line shapes how the system comes
	# up, so an unexpected addition or removal here is worth alerting on.
	linux16 /vmlinuz-5.4.119-19-0006 root=UUID=a96bb1f6-5e36-4743-8e86-8d3810f5ba85 ro mgag200.modeset=0 ixgbe.allow_unsupported_sfp=1 vga=0x317 intel_iommu=on iommu=pt pci=realloc nousbstorage crashkernel=auto rhgb quiet 
	# Initial ramdisk paired with the kernel above.
	initrd16 /initramfs-5.4.119-19-0006.img
}
# Boot entry for kernel 3.10.0-1160.el7.x86_64.
# --unrestricted: bootable by anyone at the console without authenticating,
# even when superusers is set. Only editing the entry or using the GRUB
# command line is gated by the superuser password.
menuentry 'CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-a96bb1f6-5e36-4743-8e86-8d3810f5ba85' {
	load_video
	set gfxpayload=keep
	# Modules for gzip-compressed files, MS-DOS partition tables and
	# ext2-family filesystems.
	insmod gzio
	insmod part_msdos
	insmod ext2
	# Initial boot device, then refined by filesystem UUID; hints are only a
	# starting point for the search.
	set root='hd0,msdos2'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2'  cb7790e2-0c09-42e6-88eb-987694de829b
	else
	  search --no-floppy --fs-uuid --set=root cb7790e2-0c09-42e6-88eb-987694de829b
	fi
	# Kernel image and command line. The arguments match the other entries
	# in this file apart from the kernel version.
	# NOTE(review): a difference between entries on this line is a useful
	# thing to check when auditing the file for tampering.
	linux16 /vmlinuz-3.10.0-1160.el7.x86_64 root=UUID=a96bb1f6-5e36-4743-8e86-8d3810f5ba85 ro mgag200.modeset=0 ixgbe.allow_unsupported_sfp=1 vga=0x317 intel_iommu=on iommu=pt pci=realloc nousbstorage crashkernel=auto rhgb quiet 
	# Initial ramdisk paired with the kernel above.
	initrd16 /initramfs-3.10.0-1160.el7.x86_64.img
}
# Rescue boot entry (kernel and initramfs named 0-rescue-<id>).
# --unrestricted applies here too: the rescue image can be booted without
# the GRUB password. Only editing the entry or using the GRUB command line
# requires the superuser.
# Unlike the two entries above, this one does not set gfxpayload.
menuentry 'CentOS Linux (0-rescue-5737ebefe3cb44a2865fe1136b8df871) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-5737ebefe3cb44a2865fe1136b8df871-advanced-a96bb1f6-5e36-4743-8e86-8d3810f5ba85' {
	load_video
	# Modules for gzip-compressed files, MS-DOS partition tables and
	# ext2-family filesystems.
	insmod gzio
	insmod part_msdos
	insmod ext2
	# Initial boot device, then refined by filesystem UUID.
	set root='hd0,msdos2'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2'  cb7790e2-0c09-42e6-88eb-987694de829b
	else
	  search --no-floppy --fs-uuid --set=root cb7790e2-0c09-42e6-88eb-987694de829b
	fi
	# Rescue kernel with the same command-line arguments as the regular
	# entries in this file.
	linux16 /vmlinuz-0-rescue-5737ebefe3cb44a2865fe1136b8df871 root=UUID=a96bb1f6-5e36-4743-8e86-8d3810f5ba85 ro mgag200.modeset=0 ixgbe.allow_unsupported_sfp=1 vga=0x317 intel_iommu=on iommu=pt pci=realloc nousbstorage crashkernel=auto rhgb quiet 
	# Initial ramdisk paired with the rescue kernel.
	initrd16 /initramfs-0-rescue-5737ebefe3cb44a2865fe1136b8df871.img
}
# Title-correction shim: rewrites a default that names the top-level entry
# into the "Advanced options" submenu path.
# NOTE(review): the left operand always starts with a literal "x" and the
# right operand does not, so as written this comparison cannot match. No
# "Advanced options" submenu is visible in this listing either.
if [ "x$default" = 'CentOS Linux (5.4.119-19-0006) 7 (Core)' ]; then default='Advanced options for CentOS Linux>CentOS Linux (5.4.119-19-0006) 7 (Core)'; fi;
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/20_ppc_terminfo ###
### END /etc/grub.d/20_ppc_terminfo ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
# Optional site-local additions: run custom.cfg from config_directory, or
# from $prefix when config_directory is empty.
# NOTE(review): like user.cfg, this file is executed as GRUB script at boot
# and can define entries or override variables set earlier in this file, so
# it needs the same ownership, permissions and integrity monitoring as
# grub.cfg itself.
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###