← Back to team overview

ubuntu-manual team mailing list archive

  1. ubuntu-manual team
  2. Mailing list archive
  3. Message #00318

[Bug 384148] Re: Major bug in Console Security help page (affects all version)

  Thread PreviousDate PreviousThread Next 
Patch for Lucid, addressing concerns in this bug report.  Entire section
on GRUB password protection has been removed, due to the fact that GRUB
2 still lacks sufficient password protection.  It is possible, but the
instructions are lengthy, and passwords are stored in clear text.

** Attachment added: "lucid-serverguide-lp-bug-384148.txt"
   http://launchpadlibrarian.net/37760060/lucid-serverguide-lp-bug-384148.txt

-- 
Major bug in Console Security help page (affects all version)
https://bugs.launchpad.net/bugs/384148
You received this bug notification because you are a member of Ubuntu
Documentation Project Team, which is a direct subscriber.

Status in “ubuntu-docs” package in Ubuntu: Confirmed

Bug description:
Binary package hint: ubuntu-docs

Hi,

Just found few bugs in Console Security how-to located at https://help.ubuntu.com/9.04/serverguide/C/console-security.html.

Bugs are related to GRUB Password Security how-to and affect all versions of documentation.

1. First of all there should be a note that "password --md5 pass"  string has not to be located under the title item but in a global area.
2. The string "# lockalternative=false" confused me, it is necessary to note that string has not to be copied without hash char. It has to be edited as "# lockalternative=true" because it as a template for grub-update scripts.
3. !!!This is a major bug!!! After editing lockalternative to true it is necessary to put "lock" parameter under the title with recover mode as follows:

title		Ubuntu 9.04, kernel 2.6.xx-x-generic (recovery mode)
lock
uuid		xxx
kernel		/boot/vmlinuz-2.6.xx-x-generic root=UUID=xxx ro  single
initrd		/boot/initrd.img-2.6.xx-x-generic

4. !!!It is necessary to note, that lock parameter which has been added in the item 3 will not be modified by grub-update script(in case of kernel upgrade and other changes) because of "# lockalternative=true". Without "# lockalternative=true" single user mode will be unlocked on next grub-update.

BTW, do we need to add lock parameter each time to the new title with a new kernel?
  Thread PreviousDate PreviousThread Next