This is the big security flow. So, to prevent such unauthorized person to access system we may require to have grub with password protected.
Here, we’ll see how to prevent a user from entering into a single user mode and changing the settings of a system that may have direct or physical access to the system.
cd /etc/grub.d
- Create the password by typing this command
grub2-mkpasswd-pbkdf2
- After you enter the password, copy the whole generated code that appears.
- Now edit the file/etc/grub.d/10_linux using vim by following commands
cat << EOF set superusers=”Username” password_pbkdf2 Username ‘paste the generated code copied above here’ EOF
- Save the changes and exit the editor.
- Update grub using either of the commands;
update-grub
grub-mkconfig -o /boot/grub/grub.cfg