Server : Apache System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64 User : nobody ( 99) PHP Version : 8.1.23 Disable Function : NONE Directory : /sbin/ |
#!/bin/sh -e if [ -d /sys/firmware/efi/efivars/ ]; then grubdir=`echo "/boot/efi/EFI/centos/" | sed 's,//*,/,g'` else grubdir=`echo "/boot/grub2" | sed 's,//*,/,g'` fi PACKAGE_VERSION="2.02~beta2" PACKAGE_NAME="GRUB" self=`basename $0` bindir="/usr/bin" grub_mkpasswd="${bindir}/grub2-mkpasswd-pbkdf2" # Usage: usage # Print the usage. usage () { cat <<EOF Usage: $0 [OPTION] $0 prompts the user to set a password on the grub bootloader. The password is written to a file named user.cfg which lives in the GRUB directory located by default at ${grubdir}. -h, --help print this message and exit -v, --version print the version information and exit -o, --output_path <DIRECTORY> put user.cfg in a user-selected directory Report bugs at https://bugzilla.redhat.com. EOF } argument () { opt=$1 shift if test $# -eq 0; then gettext_printf "%s: option requires an argument -- \`%s'\n" "$self" "$opt" 1>&2 exit 1 fi echo $1 } # Ensure that it's the root user running this script if [ "${EUID}" -ne 0 ]; then echo "The grub bootloader password may only be set by root." usage exit 2 fi # Check the arguments. while test $# -gt 0 do option=$1 shift case "$option" in -h | --help) usage exit 0 ;; -v | --version) echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" exit 0 ;; -o | --output) OUTPUT_PATH=`argument $option "$@"`; shift ;; --output=*) OUTPUT_PATH=`echo "$option" | sed 's/--output=//'` ;; -o=*) OUTPUT_PATH=`echo "$option" | sed 's/-o=//'` ;; esac done # set user input or default path for user.cfg file if [ -z "${OUTPUT_PATH}" ]; then OUTPUT_PATH="${grubdir}" fi if [ ! -d "${OUTPUT_PATH}" ]; then echo "${OUTPUT_PATH} does not exist." usage exit 2; fi ttyopt=$(stty -g) fixtty() { stty ${ttyopt} } trap fixtty EXIT stty -echo # prompt & confirm new grub2 root user password echo -n "Enter password: " read PASSWORD echo echo -n "Confirm password: " read PASSWORD_CONFIRM echo stty ${ttyopt} getpass() { local P0 local P1 P0="$1" && shift P1="$1" && shift ( echo ${P0} ; echo ${P1} ) | \ LC_ALL=C ${grub_mkpasswd} | \ grep -v '[eE]nter password:' | \ sed -e "s/PBKDF2 hash of your password is //" } MYPASS="$(getpass "${PASSWORD}" "${PASSWORD_CONFIRM}")" if [ -z "${MYPASS}" ]; then echo "${self}: error: empty password" 1>&2 exit 1 fi # on the ESP, these will fail to set the permissions, but it's okay because # the directory is protected. install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg" 2>/dev/null || : chmod 0600 "${OUTPUT_PATH}/user.cfg" 2>/dev/null || : echo "GRUB2_PASSWORD=${MYPASS}" > "${OUTPUT_PATH}/user.cfg" if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${OUTPUT_PATH}/grub.cfg"; then echo "WARNING: The current configuration lacks password support!" echo "Update your configuration with grub2-mkconfig to support this feature." fi