[RFC] Porting of "password" and "lock" commands to Grub2
From:
Julien Ranc
Subject:
[RFC] Porting of "password" and "lock" commands to Grub2
Date:
Wed, 1 Aug 2007 10:26:05 +0200
Hi all,
I am currently working to implement the "password" and "lock" functionality from Grub Legacy into Grub2.
This mail is to propose a different syntax for the "password" and "lock" Grub2 commands, with respect to what exists in Grub. The main reason is that, in Grub Legacy, the password command has different behavior based on where in the
menu.lst the command is placed.
In Grub legacy: - the password command, in the first part of the script, sets a password, and locks edition and command line, but does not prompt the user anything. - the password command, in a menu entry, prompts the user for a password before continuing. This allows to have a different password for any menu entry.
- the lock command prevents the script execution if the user has not authenticated.
What I propose for Grub2 is: 1. password command: It would keep the same syntax than in Grub Legacy. It would only be used to set the global password for Grub, and prevent edition of menu entries, and access to command line until the user has authenticated.
It would not be used in menu entries, and would appear at most once in the grub.cfg
2. lock command: It would be used to pause script execution until the user had authenticated. In order to keep same level of functionality than in Grub Legacy, the syntax would be changed so that the lock command supports(almost) the same syntax than the password command:
lock [ [--md5] PASSWORD ] --> the command "lock" with no argument would block until the user enters the global password set with the "password" command. --> the command "lock" with password argument would block until the user enters the password given in argument.
In my point of view, this is more consistent than the current Grub Legacy implementation ('password sets a password, and "lock" locks until authentification is OK) . It would also be easier to implement because when executing a command, we currently have no way to know if we are in a menu entry or not. It also seems to offer the same level of functionality than what Grub Legacy offers.