ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / sbin

#!/bin/sh -e

if [ -d /sys/firmware/efi/efivars/ ]; then
    grubdir=`echo "/boot/efi/EFI/centos/" | sed 's,//*,/,g'`
else
    grubdir=`echo "/boot/grub2" | sed 's,//*,/,g'`
fi

PACKAGE_VERSION="2.02~beta2"
PACKAGE_NAME="GRUB"
self=`basename $0`
bindir="/usr/bin"
grub_mkpasswd="${bindir}/grub2-mkpasswd-pbkdf2"

# Usage: usage
# Print the usage.
usage () {
    cat <<EOF
Usage: $0 [OPTION]
$0 prompts the user to set a password on the grub bootloader. The password
is written to a file named user.cfg which lives in the GRUB directory
located by default at ${grubdir}.

-h, --help                     print this message and exit
  -v, --version                  print the version information and exit
  -o, --output_path <DIRECTORY>  put user.cfg in a user-selected directory

Report bugs at https://bugzilla.redhat.com.
EOF
}

argument () {
    opt=$1
    shift

if test $# -eq 0; then
        gettext_printf "%s: option requires an argument -- \`%s'\n" "$self" "$opt" 1>&2
        exit 1
    fi
    echo $1
}

# Ensure that it's the root user running this script
if [ "${EUID}" -ne 0 ]; then
    echo "The grub bootloader password may only be set by root."
    usage
    exit 2
fi

# Check the arguments.
while test $# -gt 0
do
    option=$1
    shift

case "$option" in
    -h | --help)
	usage
	exit 0 ;;
    -v | --version)
	echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}"
	exit 0 ;;
    -o | --output)
        OUTPUT_PATH=`argument $option "$@"`; shift ;;
    --output=*)
        OUTPUT_PATH=`echo "$option" | sed 's/--output=//'` ;;
    -o=*)
        OUTPUT_PATH=`echo "$option" | sed 's/-o=//'` ;;
    esac
done

# set user input or default path for user.cfg file
if [ -z "${OUTPUT_PATH}" ]; then
    OUTPUT_PATH="${grubdir}"
fi

if [ ! -d "${OUTPUT_PATH}" ]; then
    echo "${OUTPUT_PATH} does not exist."
    usage
    exit 2;
fi

ttyopt=$(stty -g)
fixtty() {
      stty ${ttyopt}
}

trap fixtty EXIT
stty -echo

# prompt & confirm new grub2 root user password
echo -n "Enter password: "
read PASSWORD
echo
echo -n "Confirm password: "
read PASSWORD_CONFIRM
echo
stty ${ttyopt}

getpass() {
    local P0
    local P1
    P0="$1" && shift
    P1="$1" && shift

( echo ${P0} ; echo ${P1} ) | \
        LC_ALL=C ${grub_mkpasswd} | \
        grep -v '[eE]nter password:' | \
        sed -e "s/PBKDF2 hash of your password is //"
}

MYPASS="$(getpass "${PASSWORD}" "${PASSWORD_CONFIRM}")"
if [ -z "${MYPASS}" ]; then
      echo "${self}: error: empty password" 1>&2
      exit 1
fi

# on the ESP, these will fail to set the permissions, but it's okay because
# the directory is protected.
install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg" 2>/dev/null || :
chmod 0600 "${OUTPUT_PATH}/user.cfg" 2>/dev/null || :
echo "GRUB2_PASSWORD=${MYPASS}" > "${OUTPUT_PATH}/user.cfg"

if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${OUTPUT_PATH}/grub.cfg"; then
    echo "WARNING: The current configuration lacks password support!"
    echo "Update your configuration with grub2-mkconfig to support this feature."
fi

[+] ..
[-] poweroff [edit]
[-] sulogin [edit]
[-] ppp-watch [edit]
[-] addpart [edit]
[-] kpartx [edit]
[-] tcsd [edit]
[-] rsyslogd [edit]
[-] xfs_freeze [edit]
[-] selinuxconlist [edit]
[-] sendmail_bitninja [edit]
[-] nl-qdisc-add [edit]
[-] dnssec-coverage [edit]
[-] btrfs [edit]
[-] genrandom [edit]
[-] lsmod [edit]
[-] readprofile [edit]
[-] suexec [edit]
[-] blkdeactivate [edit]
[-] usermod [edit]
[-] nl-link-list [edit]
[-] mkdict [edit]
[-] xtables-multi [edit]
[-] rndc [edit]
[-] fsck.btrfs [edit]
[-] init [edit]
[-] service [edit]
[-] saslauthd [edit]
[-] tcpdump [edit]
[-] dovecot [edit]
[-] rndc-confgen [edit]
[-] fsck.ext2 [edit]
[-] nfsstat [edit]
[-] routef [edit]
[-] xfs_rtcp [edit]
[-] rtmon [edit]
[-] ddns-confgen [edit]
[-] dovecot_cpshutdown [edit]
[-] vigr [edit]
[-] e4defrag [edit]
[-] pure-authd [edit]
[-] showmount [edit]
[-] eapol_test [edit]
[-] biosdecode [edit]
[-] yumdb [edit]
[-] depmod [edit]
[-] ctstat [edit]
[-] dracut [edit]
[-] xfs_copy [edit]
[-] genl-ctrl-list [edit]
[-] pwconv [edit]
[-] selabel_partial_match [edit]
[-] iotop [edit]
[-] arp-scan [edit]
[-] iptables [edit]
[-] gssproxy [edit]
[-] exim_lock [edit]
[-] tsig-keygen [edit]
[-] pure-config.pl [edit]
[-] firewalld [edit]
[-] debugfs [edit]
[-] ifenslave [edit]
[-] e2freefrag [edit]
[-] auditd [edit]
[-] mkfs.ext3 [edit]
[-] tracepath [edit]
[-] findfs [edit]
[-] quotaon [edit]
[-] rpc.mountd [edit]
[-] fcgistarter [edit]
[-] capsh [edit]
[-] atopacctd [edit]
[-] update-smart-drivedb [edit]
[-] selabel_digest [edit]
[-] lusermod [edit]
[-] bitninjacli-interactive [edit]
[-] setquota [edit]
[-] nl-cls-list [edit]
[-] tune2fs [edit]
[-] edquota [edit]
[-] pure-certd [edit]
[-] dnssec-revoke [edit]
[-] xfs_fsr [edit]
[-] exigrep [edit]
[-] mke2fs [edit]
[-] new-kernel-pkg [edit]
[-] rpc.statd [edit]
[-] ebtables-restore [edit]
[-] nsec3hash [edit]
[-] shutdown [edit]
[-] mii-tool [edit]
[-] audispd-zos-remote [edit]
[-] atrun [edit]
[-] sestatus [edit]
[-] sushell [edit]
[-] btrfs-zero-log [edit]
[-] nstat [edit]
[-] grub2-setpassword [edit]
[-] newusers [edit]
[-] setsebool [edit]
[-] grub2-rpm-sort [edit]
[-] dnssec-settime [edit]
[-] iptunnel [edit]
[-] luseradd [edit]
[-] rtcwake [edit]
[-] btrfs-map-logical [edit]
[-] rdma [edit]
[-] mkfs.ext2 [edit]
[-] webmitm [edit]
[-] iptables-restore [edit]
[-] ldattach [edit]
[-] route [edit]
[-] rpc.nfsd [edit]
[-] iprinit [edit]
[-] quotaoff [edit]
[-] ctrlaltdel [edit]
[-] create-cracklib-dict [edit]
[-] hwclock [edit]
[-] augenrules [edit]
[-] named-checkconf [edit]
[-] smartctl [edit]
[-] iprupdate [edit]
[-] installkernel [edit]
[-] fsck.ext4 [edit]
[-] load_policy [edit]
[-] convertquota [edit]
[-] auditctl [edit]
[-] luserdel [edit]
[-] plipconfig [edit]
[-] agetty [edit]
[-] sshd [edit]
[-] unix_update [edit]
[-] sys-unconfig [edit]
[-] bitninja-config [edit]
[-] ping6 [edit]
[-] ifup [edit]
[-] virt-what [edit]
[-] dmstats [edit]
[-] quotastats [edit]
[-] pluginviewer [edit]
[-] modsec-sdbm-util [edit]
[-] cracklib-unpacker [edit]
[-] kexec [edit]
[-] crond [edit]
[-] dnssec-keymgr [edit]
[-] pure-ftpwho [edit]
[-] selinux_restorecon [edit]
[-] grpck [edit]
[-] partx [edit]
[-] fdformat [edit]
[-] eximstats [edit]
[-] plymouthd [edit]
[-] slattach [edit]
[-] genl [edit]
[-] tcpslice [edit]
[-] arpspoof [edit]
[-] glibc_post_upgrade.x86_64 [edit]
[-] lgroupdel [edit]
[-] iconvconfig.x86_64 [edit]
[-] sm-notify [edit]
[-] dmsetup [edit]
[-] msgsnarf [edit]
[-] blkmapd [edit]
[-] ip [edit]
[-] getenforce [edit]
[-] nologin [edit]
[-] hardlink [edit]
[-] pwck [edit]
[-] authconfig-tui [edit]
[-] btrfsck [edit]
[-] safe_finger [edit]
[-] grpconv [edit]
[-] sln [edit]
[-] wipefs [edit]
[-] blockdev [edit]
[-] testsaslauthd [edit]
[-] sasldblistusers2 [edit]
[-] dsniff [edit]
[-] dnssec-checkds [edit]
[-] key.dns_resolver [edit]
[-] htcacheclean [edit]
[-] osd_login [edit]
[-] lid [edit]
[-] nl-class-delete [edit]
[-] mkfs.ext4 [edit]
[-] alternatives [edit]
[-] tcpd [edit]
[-] httpd [edit]
[-] tcpnice [edit]
[-] mount.nfs4 [edit]
[-] mkfs.xfs [edit]
[-] e2undo [edit]
[-] sshow [edit]
[-] selabel_lookup [edit]
[-] chkconfig [edit]
[-] selinuxenabled [edit]
[-] xfs_repair [edit]
[-] chcpu [edit]
[-] grub2-reboot [edit]
[-] nl-class-add [edit]
[-] mailsnarf [edit]
[-] ebtables [edit]
[-] tuned-adm [edit]
[-] runq [edit]
[-] autrace [edit]
[-] getsebool [edit]
[-] cfdisk [edit]
[-] rtacct [edit]
[-] dhclient [edit]
[-] sim_server [edit]
[-] wpa_passphrase [edit]
[-] rpcdebug [edit]
[-] exim [edit]
[-] cracklib-check [edit]
[-] lshw [edit]
[-] sshd-keygen [edit]
[-] netreport [edit]
[-] rpcinfo [edit]
[-] xfs_io [edit]
[-] ifcfg [edit]
[-] grpunconv [edit]
[-] xfs_ncheck [edit]
[-] quot [edit]
[-] fsck.minix [edit]
[-] try-from [edit]
[-] ifstat [edit]
[-] plymouth-set-default-theme [edit]
[-] t1libconfig [edit]
[-] modprobe [edit]
[-] mkfs [edit]
[-] semanage [edit]
[-] fixfiles [edit]
[-] iprdump [edit]
[-] lfd [edit]
[-] pure-ftpd [edit]
[-] lgroupmod [edit]
[-] unix_chkpwd [edit]
[-] btrfs-image [edit]
[-] addgnupghome [edit]
[-] dumpe2fs [edit]
[-] partprobe [edit]
[-] grub2-macbless [edit]
[-] mkfs.btrfs [edit]
[-] groupdel [edit]
[-] mklost+found [edit]
[-] snmpd [edit]
[-] ifconfig [edit]
[-] request-key [edit]
[-] lsof [edit]
[-] suphp [edit]
[-] switch_root [edit]
[-] grub2-get-kernel-settings [edit]
[-] iptables-save [edit]
[-] zramctl [edit]
[-] named-compilezone [edit]
[-] sendmail [edit]
[-] grub2-ofpathname [edit]
[-] parted [edit]
[-] sysctl [edit]
[-] fstrim [edit]
[-] ip6tables [edit]
[-] dmfilemapd [edit]
[-] fsck.ext3 [edit]
[-] ether-wake [edit]
[-] authconfig [edit]
[-] urlsnarf [edit]
[-] blkid [edit]
[-] sefcontext_compile [edit]
[-] swapon [edit]
[-] resizepart [edit]
[-] dnssec-importkey [edit]
[-] exinext [edit]
[-] zic [edit]
[-] e2fsck [edit]
[-] xfs_admin [edit]
[-] vpddecode [edit]
[-] imunify-notifier [edit]
[-] mysqld [edit]
[-] chgpasswd [edit]
[-] halt [edit]
[-] iprconfig [edit]
[-] vipw [edit]
[-] sshmitm [edit]
[-] exim_checkaccess [edit]
[-] losetup [edit]
[-] xfs_info [edit]
[-] arping [edit]
[-] cracklib-format [edit]
[-] exicyclog [edit]
[-] whmapi1 [edit]
[-] bitninjacli [edit]
[-] rtpr [edit]
[-] modinfo [edit]
[-] iprsos [edit]
[-] accessdb [edit]
[-] start-statd [edit]
[-] nl-pktloc-lookup [edit]
[-] xfs_estimate [edit]
[-] tcpdmatch [edit]
[-] swapoff [edit]
[-] grub2-bios-setup [edit]
[-] rmmod [edit]
[-] genhostid [edit]
[-] lnstat [edit]
[-] ipmaddr [edit]
[-] grub2-set-default [edit]
[-] mii-diag [edit]
[-] webspy [edit]
[-] btrfs-select-super [edit]
[-] ausearch [edit]
[-] bridge [edit]
[-] nl-qdisc-delete [edit]
[-] xfs_logprint [edit]
[-] wpa_cli [edit]
[-] genhomedircon [edit]
[-] dnssec-keyfromlabel [edit]
[-] mountstats [edit]
[-] nl-cls-add [edit]
[-] mtr [edit]
[-] selabel_lookup_best_match [edit]
[-] arp-fingerprint [edit]
[-] btrfs-convert [edit]
[-] uuserver [edit]
[-] cbq [edit]
[-] getcap [edit]
[-] pam_tally2 [edit]
[-] sw-engine-fpm [edit]
[-] pam_timestamp_check [edit]
[-] restorecon [edit]
[-] mkfs.cramfs [edit]
[-] runlevel [edit]
[-] logrotate [edit]
[-] exim_fixdb [edit]
[-] audispd [edit]
[-] avcstat [edit]
[-] fuser [edit]
[-] nfsidmap [edit]
[-] pure-quotacheck [edit]
[-] ip6tables-save [edit]
[-] usernetctl [edit]
[-] exim_tidydb [edit]
[-] mount.nfs [edit]
[-] audisp-remote [edit]
[-] getpcaps [edit]
[-] cacertdir_rehash [edit]
[-] named [edit]
[-] exim_dbmbuild [edit]
[-] anacron [edit]
[-] xfs_db [edit]
[-] grub2-install [edit]
[-] start-stop-daemon [edit]
[-] pidof [edit]
[-] paperconfig [edit]
[-] irqbalance [edit]
[-] dnssec-dsfromkey [edit]
[-] check_forensic [edit]
[-] fxload [edit]
[-] pwhistory_helper [edit]
[-] blkdiscard [edit]
[-] lwresd [edit]
[-] tc [edit]
[-] setcap [edit]
[-] reboot [edit]
[-] xfs_mkfile [edit]
[-] btrfstune [edit]
[-] logsave [edit]
[-] insmod [edit]
[-] mkhomedir_helper [edit]
[-] fsfreeze [edit]
[-] badblocks [edit]
[-] tmpwatch [edit]
[-] groupadd [edit]
[-] rotatelogs [edit]
[-] mkdumprd [edit]
[-] makedumpfile [edit]
[-] matchpathcon [edit]
[-] ipset [edit]
[-] runuser [edit]
[-] telinit [edit]
[-] build-locale-archive [edit]
[-] rdisc [edit]
[-] packer [edit]
[-] biosdevname [edit]
[-] csf [edit]
[-] nameif [edit]
[-] xfs_metadump [edit]
[-] fsck [edit]
[-] whmapi0 [edit]
[-] routel [edit]
[-] rpc.rquotad [edit]
[-] umount.nfs [edit]
[-] exiqsumm [edit]
[-] sasl2-shared-mechlist [edit]
[-] NetworkManager [edit]
[-] udevadm [edit]
[-] tcpkill [edit]
[-] mkswap [edit]
[-] fsck.cramfs [edit]
[-] macof [edit]
[-] pam_console_apply [edit]
[-] clockdiff [edit]
[-] clock [edit]
[-] mysqld-debug [edit]
[-] ip6tables-restore [edit]
[-] nfsdcltrack [edit]
[-] filesnarf [edit]
[-] umount.nfs4 [edit]
[-] fdisk [edit]
[-] xfs_bmap [edit]
[-] useradd [edit]
[-] nl-qdisc-list [edit]
[-] devlink [edit]
[-] xfs_growfs [edit]
[-] ebtables-save [edit]
[-] quotacheck [edit]
[-] yum-complete-transaction [edit]
[-] pdns_server [edit]
[-] visudo [edit]
[-] lgroupadd [edit]
[-] aureport [edit]
[-] chpasswd [edit]
[-] filefrag [edit]
[-] ifdown [edit]
[-] grub2-sparc64-setup [edit]
[-] btrfs-debug-tree [edit]
[-] dhclient-script [edit]
[-] nl-class-list [edit]
[-] nfsiostat [edit]
[-] pure-mrtginfo [edit]
[-] faillock [edit]
[-] nl-classid-lookup [edit]
[-] adduser [edit]
[-] named-checkzone [edit]
[-] resize2fs [edit]
[-] get-oui [edit]
[-] get-iab [edit]
[-] exim_dumpdb [edit]
[-] nscd [edit]
[-] ldconfig [edit]
[-] setenforce [edit]
[-] pivot_root [edit]
[-] iconvconfig [edit]
[-] lchage [edit]
[-] exiqgrep [edit]
[-] groupmod [edit]
[-] snmptrapd [edit]
[-] dnssec-signzone [edit]
[-] smartd [edit]
[-] dnsspoof [edit]
[-] gss-server [edit]
[-] rpcbind [edit]
[-] xqmstats [edit]
[-] selinuxdefcon [edit]
[-] e2image [edit]
[-] selinuxexeccon [edit]
[-] rpc.gssd [edit]
[-] semodule [edit]
[-] xfs_mdrestore [edit]
[-] sfdisk [edit]
[-] cracklib-packer [edit]
[-] lnewusers [edit]
[-] exiwhat [edit]
[-] grub2-mkconfig [edit]
[-] tuned [edit]
[-] ownership [edit]
[-] lpasswd [edit]
[-] install-info [edit]
[-] e2label [edit]
[-] dnssec-verify [edit]
[-] apachectl [edit]
[-] rtstat [edit]
[-] ethtool [edit]
[-] tracepath6 [edit]
[-] atd [edit]
[-] iprdbg [edit]
[-] userdel [edit]
[-] applygnupgdefaults [edit]
[-] whmlogin [edit]
[-] arp [edit]
[-] swaplabel [edit]
[-] isc-hmac-fixup [edit]
[-] weak-modules [edit]
[-] mkfs.minix [edit]
[-] exportfs [edit]
[-] dnssec-keygen [edit]
[-] xfs_quota [edit]
[-] rpc.idmapd [edit]
[-] nl-cls-delete [edit]
[-] zdump [edit]
[-] grubby [edit]
[-] saslpasswd2 [edit]
[-] fsck.xfs [edit]
[-] named-journalprint [edit]
[-] delpart [edit]
[-] vmcore-dmesg [edit]
[-] consoletype [edit]
[-] groupmems [edit]
[-] killall5 [edit]
[-] update-alternatives [edit]
[-] grub2-probe [edit]
[-] setfiles [edit]
[-] pure-uploadscript [edit]
[-] arpd [edit]
[-] repquota [edit]
[-] btrfs-find-root [edit]
[-] dmidecode [edit]
[-] pwunconv [edit]
[-] chroot [edit]
[-] wpa_supplicant [edit]
[-] ss [edit]