I have set a grub password and changed username in /etc/grub.d/01_users but when I go to edit grub line, I am not being prompted for username or password. This is Rocky 9.2 install.
This is a major security issue for my company.
cat /etc/grub.d/01_users
#!/usr/bin/sh -e
cat << EOF
if [ -f \${prefix}/user.cfg ]; then
source \${prefix}/user.cfg
if [ -n "\${GRUB2_PASSWORD}" ]; then
set superusers="root"
export superusers
password_pbkdf2 root \${GRUB2_PASSWORD}
fi
fi
EOF
Lines 3-10 are appended to grub.cfg.
If you have users in /boot/grub2/users.cfg, then those aru used by grub.
If there is environment variable GRUB2_PASSWORD set (I have no idea how) when grub runs (i.e. at boot), then root has password.
I’ve only added file /boot/grub2/users.cfg to get the prompt – never occurred to my mind to edit scripts, like the /etc/grub.d/01_users.