-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to prevent single user mode from GRUB in debian? #322
Comments
Hi, another student here working on the same project. First of all thanks for you quick response! We are trying to create a live environment for end user to use straight from a USB-stick, so no installs are being done. Skipping the grub-menu altogether and booting straight into the Live System would also be great. Both problems have to be fixed through grub configuration we believe. Just so you have a concrete idea of what we are trying to do, these are the steps that we followed to successfully disable single-user boot and skip the boot menu (in a normal, non-live debian install): # Ask, hash and set a root password
read -s -p "Enter password: " passw
HASHPW=$(echo -e "$passwd\n$passwd" | LC_ALL=C /usr/bin/grub-mkpasswd-pbkdf2 | awk '/hash of / {print $NF}')
echo "set superusers=root" | tee -a /etc/grub.d/40_custom
echo "password_pbkdf2 root $HASHPW" | tee -a /etc/grub.d/40_custom
sed -i '/^CLASS=/ s/"$/ --unrestricted"/' /etc/grub.d/10_linux
# Set the grub-menu timeout to 0 and disable it:
# We set GRUB_TIMEOUT=0 and add the line GRUB_DISABLE_SUBMENU=y to /etc/default/grub
sed -i '/GRUB_TIMEOUT/c\GRUB_TIMEOUT\=0' /etc/default/grub
sed -i '/GRUB_DEFAULT/iGRUB_DISABLE_SUBMENU\=y' /etc/default/grub Thanks you so much! |
First, you must understand there are two Grub menus you have to deal with.
|
Hi We have already been able to remove all menu entries except Live Mode successfully. Setting the Grub-Menu timeout to 0 or setting a password for editing grub-menu entries proved harder. Our project is due in 4 days. However it is no big problem if we cannot figure it out so please do not feel pressed. Our research on the topic is more important than the final product we present. Have a nice day! |
Not sure this will work, but you might try simply removing the
Theoretically, if a person does edit the boot menu and enables rescue mode, it won't work. (Of course, someone could reinstall this in the live environment, so if it does work, it may not be 100% fool proof). |
We are students trying to create a custom live boot with Cubic, the application has been fantastic so far however we have come across an issue that seems more complex to fix.
We need to prevent users of the live system to access the single user mode as they should not be allowed to have root access.
What we tried:
Expected behavior
Users of the live system are not able to have root access without the root password.
OS Information (please complete the following information):
Cubic Information (please complete the following information):
Thanks in advance!
The text was updated successfully, but these errors were encountered: