How to Set GRUB2 Password in RHEL, CentOS and Fedora Linux

GRand Unified Bootloader (GRUB) is a default bootloader in all Unix-like operating systems. As promised in our earlier article “How to reset a forgotten root password“, here we are going to review how to protect GRUB with passwords.

As mentioned earlier post, anyone can log in into single-user mode and may change system settings as needed. This is the big security flow. So, to prevent such unauthorized person to access the system we may require to have grub with password protected.

Here, we’ll see how to prevent users from entering into single user mode and changing the settings of systems that may have direct or physical access to the system.

Generate GRUB Bootloader Password

Create a password for GRUB, be a root user, and open the command prompt, type the below command.

# grub2-setpassword 

When prompted type grub password twice and press enter.

Generate GRUB Password
Generate GRUB Password

This will generate a hashed GRUB bootloader password in the file /boot/grub2/user.cfg file and can be viewed using the cat command as shown.

# cat /boot/grub2/user.cfg
Grub Bootloader Password
Grub Bootloader Password

Recreate the GRUB Configuration File

After creating the GRUB password, you need to re-create the new GRUB configuration file by running the following command.

# grub2-mkconfig -o /boot/grub2/grub.cfg
Create Grub Configuration
Create Grub Configuration

The above command will set the grub password in the configuration file. Now, reboot the system and check if the new GRUB password is set properly.

# reboot

Testing GRUB Password Protection

After your system restart, you will get the following GRUB screen, where you will get 5 seconds to break the normal boot process. So quickly press e key to breaking the boot process.

Grub Menu
Grub Menu

Once you press the e key it will prompt you to enter the GRUB password as shown.

GRUB Password
GRUB Password

After entering the right username and password, you can edit GRUB parameters as shown.

Edit GRUB Configuration
Edit GRUB Configuration

Removing GRUB Password Protection

To remove GRUB password-protect from boot menu, simply delete the file /boot/grub2/user.cfg.

# rm /boot/grub2/user.cfg
Remove GRUB Password
Remove GRUB Password

This is how we can protect GRUB with passwords. Let us know how do you secure your system? via comments.

Ravi Saive
I am an experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

26 thoughts on “How to Set GRUB2 Password in RHEL, CentOS and Fedora Linux”

  1. This will only protect the installed group, it’s still possible to boot up grub from a usb drive and then boot the Linux kernel in single-user mode from there.

    Reply
  2. Hello , this was very help full for me
    i have tried this it worked well and also i have tried removing the password in /etc/grub.conf file . i have doubt here if i forget the root password i will reset through single user mode . for suppose if i forget the password for both root and grub password . then hw can i recover it . please help me out in this

    Reply
  3. Hi,

    I’m new in linux. We forgot both the root password and GRUB password.
    How can I reset both? Also, how can i go to single user mode to remove the GRUB password?
    Thank you

    Reply
  4. FOR CENTOS…….LINUX

    *HOW TO SET BOOT PASSWORD*

    login root (#)

    #vim /etc/grub.conf
    :se nu
    13 no line…… press enter key and go next line (14 no line)
    password ******
    :wq

    Reply
  5. hi
    i followed the above steps in redhat linux . i did not get error . it didnt ask me the grub password …why ? can u tell me y its happened ………..

    Reply
  6. grub is not showing up all the installed operating systems.

    I have rhel 6 64-bit os after that i installed centos 64-bit after installing centos rhel 6 is not showing up in grub..

    whereas i am also having windows 7 which is active all the time

    Reply
  7. Thanks for your great info.
    If e person boot via a Live CD or another OS, they can access to all HDD files & folders. How can we protect it?

    Reply
    • Please go through the article, we already explained very clearly how to protect grub with password. Follow same procedure for changing.

      Reply
    • I think it should work with latest Linux versions too,because the grub file is the same and procedure also. Why not you try and tell us.

      Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.