[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: meaning of absent --users prameters.
From: |
Robert Millan |
Subject: |
Re: meaning of absent --users prameters. |
Date: |
Thu, 7 Jan 2010 20:06:19 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Sun, Dec 06, 2009 at 07:11:11PM +0100, Vladimir 'φ-coder/phcoder' Serbinenko
wrote:
> Hello. Currently authentication system works as following:
>
> menuentry "name" --users "a,b,c" {
> }
> Means that only superusers and users "a", "b" and "c" are permitted to
> boot this menuentry. To allow only superusers to boot an entry one would
> need:
> menuentry "name" --users "" {
> }
> And absence of --users means "anyone can choose this entry".
> Unfortunately this is error-prone. Does anyone oppose to change it to:
> No --users: only superusers
> To have an unlocked entry you have to add --unlocked
I agree this is error-prone and encourages insecure ways of using GRUB.
However, this has the potential to render system unbootable if user made
a mistake. I think that should be avoided too.
How about:
"--locked" == only superusers can boot
"--locked --users a,b,c" == only a,b,c and superusers can boot
"" == everyone can boot
--
Robert Millan
"Be the change you want to see in the world" -- Gandhi
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: meaning of absent --users prameters.,
Robert Millan <=