How to set GRUB2 password in CentOS/RHEL 7/8?

It is effortless to change the root password of the Linux system. And, a person who has access to the Server can easily do this. So, this is necessary to protect the setting changes on the server startup. If you want to protect the startup changes, then you have to set a GRUB password. Here, I am going to guide you with the process of how to set a GRUB2 password. It is straightforward, you just have followed a few steps and some commands. So let’s begin to set the grub2 password.

Generating the grub2 password

Step 1: First we are going to generate a password, type the below command

grub2-mkpasswd-pbkdf2

When you type the above command, it will ask for a password that you want to put for GRUB. Type the password which you want. It will generate the hash of your password which you can see in the below picture, I have covered it with the green line. You have to copy it.

grub2 password generate
Generating the grub2 password.

Editing the grub configuration file

Step 2: Now we are going to open the configuration file, so we can set up the password, I am going to open it with vim text editor but you can use vi or any other text editors.

vim /etc/grub.d/10_linux

After opening this file go to the end of the file, and type below lines as it is and change the user name as the places I have highlighted with red, which you want to give and make sure that user has been created in this server system and put the password at the place after username which I have highlighted with light green.

cat << EOF
set superusers=“sahil”
password_pbkdf2 sahil grub.pbkdf2.sha512.10000.0B2A68B3398E72BEF2FF6FD978CA387E718630B853F5FB6B91FB2C4744C30D42EC6774237B82922ADA20A458D083C04BFB2C2391A2335B5B9D51D489916D67A4.F6467176A88E6322BC61A4F2A32D9B28AE74E27930B1E5BA61290BAA1DA5F161756DAA44952F8D138445AEE97FA1B386BDA59747BC68EE06B761454C66E23B6D
EOF

Using the grub2 generated password
Using the grub2 generated password

Step 3: Save the file

Taking the backup of the configuration file

Step 4: Before making these changes effect, we are going to take the backup of the main configuration file with the below command.

cp -p /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak

Note: The above command will create a backup of the configuration file so in case you get any problem we can try to fix it with the old backup file.

Implementing the changes of grub file

Step 5: Now we’ll make this change to work so we’ll run below command.

grub2-mkconfig -o /boot/grub2/grub.cfg

If you want to check the difference between the original backup file which we have taken earlier and new changes, you can use the below command.

 diff /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak

That’s it, now you can restart the system, and at boot menus option try to press e for edit the system settings and it will ask for username and password.

Conclusion

In this tutorial, you learned about how to set a grub password. This is a very important step to secure your Linux server or computer. I hope, you understand but if you have any questions, you can ask in the comment section.

Also, you can further learn about

Leave a Reply