Acknowledgement sent
to Felix Zielcke <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <[email protected]>.
(Thu, 27 Aug 2009 20:48:03 GMT) (full text, mbox, link).
Subject: Bug #477092 grub-installer: does not support setting password for
grub2
Date: Thu, 27 Aug 2009 22:36:35 +0200
grub2 supports now setting a password.
I just documented that in the wiki:
http://grub.enbug.org/Authentication
It's a bit different then grub-legacy's.
/etc/default/grub doestn't have any support for it.
I think the best would be to create a /etc/grub.d/01_password file or
something like that.
--
Felix Zielcke
Proud Debian Maintainer
Acknowledgement sent
to Felix Zielcke <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <[email protected]>.
(Fri, 04 Sep 2009 19:21:07 GMT) (full text, mbox, link).
tag 477092 + patch
thanks
Here's now a patch which adds support to set a username and password for
GRUB 2
The debconf templates probable need to be changed. I'm not that perfect
in writing them.
And I wasn't sure what to do if people enter a username but no password.
Now I just don't set anything if no password has been given just like
with grub-legacy.
--
Felix Zielcke
Proud Debian Maintainer
Acknowledgement sent
to Jérémy Bobbio <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <[email protected]>.
(Fri, 04 Sep 2009 22:39:13 GMT) (full text, mbox, link).
On Fri, Sep 04, 2009 at 09:11:23PM +0200, Felix Zielcke wrote:
> Here's now a patch which adds support to set a username and password for
> GRUB 2
> The debconf templates probable need to be changed. I'm not that perfect
> in writing them.
> And I wasn't sure what to do if people enter a username but no password.
Best behaviour is probably to fail displaying that the password can't
be empty, like it is currently done in user-setup.
Cheers,
--
Jérémy Bobbio .''`.
[email protected] : :Ⓐ : # apt-get install anarchism
`. `'`
`-
Acknowledgement sent
to Christian Perrier <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <[email protected]>.
(Sat, 05 Sep 2009 08:18:03 GMT) (full text, mbox, link).
(CC'ing dle for templates review)
Quoting Felix Zielcke ([email protected]):
> Index: debian/grub-installer.templates
> ===================================================================
> --- debian/grub-installer.templates (revision 60631)
> +++ debian/grub-installer.templates (working copy)
> @@ -87,6 +87,32 @@ _Description: Device for boot loader ins
> your third drive (SCSI here);
> - "(fd0)" or "/dev/fd0" will install GRUB to a floppy.
>
> +Template: grub-installer/superuser
> +Type: string
> +# :sl2:
> +_Description: GRUB superuser:
> + The GRUB boot loader offers many powerful interactive features, which could
> + be used to compromise your system if unauthorized users have access to the
> + machine when it is starting up. To defend against this, you may choose a
> + username and password which will be required before editing menu entries or
> + entering the GRUB command-line interface. By default, any user will still be
> + able to start any menu entry without entering a username and password.
> + .
> + If you do not wish to set a GRUB username, leave this field blank.
> +
"s/your system/the system"
maybe s/starting up/booting up"
I'm not sure about "To defend against this"
"username" or "user name"?
> +Template: grub-installer/grub2-password
> +Type: password
> +# :sl2:
> +_Description: GRUB password:
> + Please enter the password you want to use for GRUB 2.
I'd suggest something else than "you want to use".
Maybe "Please enter the GRUB 2 password."
We need to choose between "GRUB 2" and "GRUB". Probably drop the
"2". After all, this might be used in an hypothetical GRUB3, right? :-)
Another option is somethign similar to the root password prompt:
_Description: GRUB password:
You need to set a password for GRUB. A malicious or unqualified user
with GRUB access can have disastrous results, so you should take care
to choose a GRUB password that is not easy to guess. It should not be
a word found in dictionaries, or a word that could be easily
associated with you.
(that will help translators as fuzzy matching will prefill translations)
> +
> +Template: grub-installer/empty-password
> +Type: error
> +# :sl2:
> +_Description: Empty password
> + You have given a username but no password. If you don't want authorization
> + please don't specify an username, else you have to give a password.
> +
You may want to use the same wording than the similar template in
user-setup:
_Description: Empty password
You entered an empty password, which is not allowed.
Please choose a non-empty password.
Acknowledgement sent
to Justin B Rye <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <[email protected]>.
(Sat, 05 Sep 2009 11:33:03 GMT) (full text, mbox, link).
Subject: Re: Bug#477092: [PATCH] add support for setting a username +
password in grub-installer for GRUB 2
Date: Sat, 5 Sep 2009 11:57:54 +0100
Christian Perrier wrote:
> Quoting Felix Zielcke ([email protected]):
[...]
>> +Template: grub-installer/superuser
>> +Type: string
>> +# :sl2:
>> +_Description: GRUB superuser:
>> + The GRUB boot loader offers many powerful interactive features, which could
>> + be used to compromise your system if unauthorized users have access to the
>> + machine when it is starting up. To defend against this, you may choose a
>> + username and password which will be required before editing menu entries or
>> + entering the GRUB command-line interface. By default, any user will still be
>> + able to start any menu entry without entering a username and password.
>> + .
>> + If you do not wish to set a GRUB username, leave this field blank.
>> +
>
> "s/your system/the system"
>
> maybe s/starting up/booting up"
>
> I'm not sure about "To defend against this"
No strong opinion on any of these (even the "you might not be the
owner" quibble is weak here).
> "username" or "user name"?
One word. "Christian Perrier" and "Justin B Rye" are user names,
but not their usernames.
>> +Template: grub-installer/grub2-password
[...]
>
> Another option is somethign similar to the root password prompt:
>
> _Description: GRUB password:
> You need to set a password for GRUB. A malicious or unqualified user
> with GRUB access can have disastrous results, so you should take care
> to choose a GRUB password that is not easy to guess. It should not be
> a word found in dictionaries, or a word that could be easily
> associated with you.
Looks good to me.
>> +Template: grub-installer/empty-password
>> +Type: error
>> +# :sl2:
>> +_Description: Empty password
>> + You have given a username but no password. If you don't want authorization
>> + please don't specify an username, else you have to give a password.
Looks bad to me: s/an username/a username/; s/, else/; otherwise/;
and you don't want (to get) authorization, you want there to be
authentication.
> You may want to use the same wording than the similar template in
> user-setup:
>
> _Description: Empty password
> You entered an empty password, which is not allowed.
> Please choose a non-empty password.
This loses the advice on what to do if you're not trying to set up a
password. On the other hand, how would I apply that advice if I
didn't already know about dpkg-reconfigure? Is there a "back"
button?
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.