How to Set GRUB2 Password in RHEL, CentOS and Fedora Linux

GRand Unified Bootloader (GRUB) is a default bootloader in all Unix-like operating systems. As promised in our earlier article “How to reset a forgotten root password“, here we are going to review how to protect GRUB with passwords.

As mentioned earlier post, anyone can log in into single-user mode and may change system settings as needed. This is the big security flow. So, to prevent such unauthorized person to access the system we may require to have grub with password protected.

Here, we’ll see how to prevent users from entering into single user mode and changing the settings of systems that may have direct or physical access to the system.

Generate GRUB Bootloader Password

Create a password for GRUB, be a root user, and open the command prompt, type the below command.

# grub2-setpassword 

When prompted type grub password twice and press enter.

Generate GRUB Password
Generate GRUB Password

This will generate a hashed GRUB bootloader password in the file /boot/grub2/user.cfg file and can be viewed using the cat command as shown.

# cat /boot/grub2/user.cfg
Grub Bootloader Password
Grub Bootloader Password

Recreate the GRUB Configuration File

After creating the GRUB password, you need to re-create the new GRUB configuration file by running the following command.

# grub2-mkconfig -o /boot/grub2/grub.cfg
Create Grub Configuration
Create Grub Configuration

The above command will set the grub password in the configuration file. Now, reboot the system and check if the new GRUB password is set properly.

# reboot

Testing GRUB Password Protection

After your system restart, you will get the following GRUB screen, where you will get 5 seconds to break the normal boot process. So quickly press e key to breaking the boot process.

Grub Menu
Grub Menu

Once you press the e key it will prompt you to enter the GRUB password as shown.

GRUB Password
GRUB Password

After entering the right username and password, you can edit GRUB parameters as shown.

Edit GRUB Configuration
Edit GRUB Configuration

Removing GRUB Password Protection

To remove GRUB password-protect from boot menu, simply delete the file /boot/grub2/user.cfg.

# rm /boot/grub2/user.cfg
Remove GRUB Password
Remove GRUB Password

This is how we can protect GRUB with passwords. Let us know how do you secure your system? via comments.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

26 thoughts on “How to Set GRUB2 Password in RHEL, CentOS and Fedora Linux”

  1. This will only protect the installed group, it’s still possible to boot up grub from a usb drive and then boot the Linux kernel in single-user mode from there.

    Reply
  2. Hello , this was very help full for me
    i have tried this it worked well and also i have tried removing the password in /etc/grub.conf file . i have doubt here if i forget the root password i will reset through single user mode . for suppose if i forget the password for both root and grub password . then hw can i recover it . please help me out in this

    Reply

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.