← Back to team overview

ubuntu-manual team mailing list archive

[Bug 384148] Re: Major bug in Console Security help page (affects 9.04)

 

I applied Gilbert's patch for Lucid to remove this section from the
docs, since the existing directions were not applicable to Grub2 and we
don't have good replacement directions for Grub2.  I am therefore
assigning this bug to him for the record (nothing personal Micheal, we
really appreciate your help and feedback on this report).  When this
capability becomes available, we can re-write this documentation.  Patch
was committed to Lucid branch, rev 458.

** Changed in: ubuntu-docs (Ubuntu)
       Status: Confirmed => Fix Committed

** Changed in: ubuntu-docs (Ubuntu)
     Assignee: Micheal_2009 (micheal-harker) => Gilbert Mendoza (gmendoza)

-- 
Major bug in Console Security help page (affects 9.04)
https://bugs.launchpad.net/bugs/384148
You received this bug notification because you are a member of Ubuntu
Documentation Project Team, which is a direct subscriber.

Status in “ubuntu-docs” package in Ubuntu: Fix Committed

Bug description:
Binary package hint: ubuntu-docs

Hi,

Just found few bugs in Console Security how-to located at https://help.ubuntu.com/9.04/serverguide/C/console-security.html.

Bugs are related to GRUB Password Security how-to and affect all versions of documentation.

1. First of all there should be a note that "password --md5 pass"  string has not to be located under the title item but in a global area.
2. The string "# lockalternative=false" confused me, it is necessary to note that string has not to be copied without hash char. It has to be edited as "# lockalternative=true" because it as a template for grub-update scripts.
3. !!!This is a major bug!!! After editing lockalternative to true it is necessary to put "lock" parameter under the title with recover mode as follows:

title		Ubuntu 9.04, kernel 2.6.xx-x-generic (recovery mode)
lock
uuid		xxx
kernel		/boot/vmlinuz-2.6.xx-x-generic root=UUID=xxx ro  single
initrd		/boot/initrd.img-2.6.xx-x-generic

4. !!!It is necessary to note, that lock parameter which has been added in the item 3 will not be modified by grub-update script(in case of kernel upgrade and other changes) because of "# lockalternative=true". Without "# lockalternative=true" single user mode will be unlocked on next grub-update.

BTW, do we need to add lock parameter each time to the new title with a new kernel?