Below is the GRUB menu where we are planning to put the password so that no one logs in to single user mode without permission
As you can see by default anyone can press "e" and edit the grub menu to enter single user mode
Login as root and run the below command. When prompted, provide the grub password to be used
# grub-md5-crypt
Password:
Retype password:
$1$KYWqk1$cyrEcj8xXtctko70sSowx.Next edit the GRUB configuration file /etc/grub.conf and add a new entry as shown below after timeout parameter in the main section.
password --md5 Replace <password-hash> with the value returned by grub-md5-crypt above
# less /etc/grub.conf
default=0
timeout=5
password --md5 $1$KYWqk1$cyrEcj8xXtctko70sSowx.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenuNext time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing p followed by the GRUB password.
Reboot and verify the changes
So now it does asks for the password we had set.
Let me know your success and failures