Re: meaning of absent --users prameters.

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: meaning of absent --users prameters.

From:	Robert Millan
Subject:	Re: meaning of absent --users prameters.
Date:	Thu, 7 Jan 2010 20:06:19 +0100
User-agent:	Mutt/1.5.18 (2008-05-17)

On Sun, Dec 06, 2009 at 07:11:11PM +0100, Vladimir 'φ-coder/phcoder' Serbinenko 
wrote:
> Hello. Currently authentication system works as following:
> 
> menuentry "name" --users "a,b,c" {
> }
> Means that only superusers and users "a", "b" and "c" are permitted to
> boot this menuentry. To allow only superusers to boot an entry one would
> need:
> menuentry "name" --users "" {
> }
> And absence of --users means "anyone can choose this entry".
> Unfortunately this is error-prone. Does anyone oppose to change it to:
> No --users: only superusers
> To have an unlocked entry you have to add --unlocked

I agree this is error-prone and encourages insecure ways of using GRUB.

However, this has the potential to render system unbootable if user made
a mistake.  I think that should be avoided too.

How about:

"--locked" == only superusers can boot
"--locked --users a,b,c" == only a,b,c and superusers can boot
"" == everyone can boot

-- 
Robert Millan

  "Be the change you want to see in the world" -- Gandhi

[Prev in Thread]

Current Thread

[Next in Thread]

Re: meaning of absent --users prameters., Robert Millan <=

Prev by Date: Re: [PATCH] Optimise scrolling by avoiding function calls and aligned memory copy
Next by Date: Re: autogen.sh warnings
Previous by thread: Re: [PATCH] Optimise scrolling by avoiding function calls and aligned memory copy
Next by thread: Re: [PATCH] Backup old boot sectors before installation
Index(es):
- Date
- Thread