Like in the other post, I didn’t get prompted at reboot.
The page says: “This command only supports configurations with a single root user.”, and I have root + my user. Maybe it’s that?
…or, there were differences in the output.
### From the guide
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-f9725b0c842348ce9e0bc81968cf7181
Found initrd image: /boot/initramfs-0-rescue-f9725b0c842348ce9e0bc81968cf7181.img
done
### From my output
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
done
Any ideas?
―
// btw: The guide says: “Remove -unrestricted from …”
when it should say --unrestricted. But, if I’m not wrong - a lot of web/blog tools are causing that, rendering -- into -.
I ran cat on those /boot/loader/entries/*.conf now, and I noticed all the the grub_arg --unrestricted.
If I removed that, like the guide said, in:
# vim /etc/grub.d/10_linux
#CLASS="--class gnu-linux --class gnu --class os --unrestricted"
CLASS="--class gnu-linux --class gnu --class os"
So, shouldn’t they be gone?
Maybe I missed a step… I think I set the pwd 1st, then removed the --unrestricted. The guide says the other way around - thinking it doesn’t matter, and it’ll update everything when running grub2-mkconfig.
The grub.cfg sources file user.cfg. That defines GRUB2_PASSWORD. That is where the grub2-setpassword should store the (hashed) password.
The grub.cfg sets superusers="root"
When password is set, both edit of entry and boot do require the password.
The effect of --unrestricted is that one can boot without password.
Note: The osprober does not add --unrestricted if it creates entry for Windows.
It is the grubby and/or kernel-install that adds
grub_users $grub_users
grub_arg --unrestricted
to the BLS entries.
In fact, the latter probably calls /usr/lib/kernel/install.d/20-grub.install which does:
cat <<EOF
title ${NAME} (${kernelver}) ${VERSION}${debugname}
version ${kernelver}${debugid}
linux /vmlinuz-${kernelver}
initrd /initramfs-${kernelver}.img
options ${kernelopts}
grub_users \$grub_users
grub_arg --unrestricted
grub_class ${ID}
EOF