How Do I Secure Grub Boot Loader?

You can set a password for the GRUB bootloader. This prevents users from entering single user mode or changing settings at boot time.

When your system is rebooted, grub presents the boot option menu. From this menu one can easily login into a single user mode without the password which might result into compromise system security.

For example, anyone can access the data or change the settings. However you can setup a password for grub with password option. This option forces grub to ask for a password before making any changes or entering into single user mode. You need to type p followed by password.

#1: Create A Password For Grub

Type grub-md5-crypt command to create password in MD5 format:
# grub-md5-cryptOutput:

Retype password:<ENTER-YOUR-PASSWORD>

Please note that you need to copy and paste the MD5 password ($1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0) to your configuration file. Use mouse to copy the same.

#2 Add MD5 Password To Grub Configuration File

Under Debian GNU/Linux the Grub configuration file is located at /boot/grub/menu.lst. (Red Hat / Fedora user use /boot/grub/grub.conf file)
# vi /boot/grub/menu.lst
Edit file and add a password line as follows:
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
Here is my sample config file:

default         0
timeout         5
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
title           Debian GNU/Linux, kernel
root           (hd0,0)
kernel        /boot/vmlinuz root=/dev/hda3 ro

Save and close the file.

Optional Settings for Dual Booting Computer

If you dual boot with Windows XP/2000/7, consider adding lock command to Windows XP right after title command:

title           Windows NT/2000/XP
root            (hd0,1)
chainloader     +1

Note the lock option can be also added to the failsafe entry too. For more information please read

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 6 comments so far... add one
CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
6 comments… add one
  • viswanath Jun 17, 2007 @ 12:08

    In my computer-windows 98 and windows xp is then i installed linux —–while upgrading/reinstalling the windows xp , after installing xp linux access is gone —i mean system MBR is overwritten and i am unable to access linux. will plz tell me the solution and when i am booting system it directly going to linux, i want to change this menu –the system has to go to windows xp , if select linux then only it has to into linux

    plz any body give solution for my problem

    thank u

    • amresh Jun 10, 2010 @ 8:20

      you can restore primary in rescue mode
      step of recover grub:
      insert linux cd
      boot from cd
      whwn you get the prompt you will have to write
      boot: linux rescue
      chroot /mnt/sysimage
      grub-install /dev/sda (depend your hard drive type)
      your grub will be repair

  • Kamahl Nov 12, 2007 @ 12:32

    Try reinstalling grub. There should be a command on your install disk/liveCD to do reinstall grub. This will locate *all* your partitions. The microsoft one is bias, and refuses to notice anything nonwindows.

  • ujj Feb 24, 2008 @ 13:21

    use ur linux cd & get into rescue mode
    then try out these commands :
    1. grub-install /dev/hda (or /dev/sda whatever it may be)
    2. root (hd0,0) (in the bracket the last zero specifies ur /boot partition number )
    3. setup (hd0)

    with these steps u are done .

  • KDK Nov 5, 2009 @ 17:15

    Alternatively you could do it a safer way.
    get dd for windows and copy the bootsector of the linux partition (the first 512 bytes) into a file and call it something memorable like bootsect.dat.
    Put that in the root of your c: drive and open up boot.ini and add a line such as this.
    C:BOOTSECT.DAT=”RedHat Linux”
    C:BOOTSECT.DAT=”Mandrake Linux”

    Bingo you have your windows loader loading windows and linux, and you didn’t endanger the current running system

    I am aware this thread is over 2 years old btw

  • Tuhin Jul 20, 2014 @ 4:57

    login root (#)
    #vim /etc/grub.conf
    :se nu
    13 no line…… press enter key and go next line (14 no line)
    password ******

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum