grub2 – sanity prevails

Back in April 2014 I wrote a new LCFG component to configure the grub2 bootloader. At the time I blogged about the problems with restricting edit access for menu items. The issue was that once you had a list of “super users” the access to BOTH editing and booting menu items was completely restricted to those users. There was no way to allow normal users to boot a particular item without also giving them the ability to edit the menu items (which we really do not want to do…).

Thankfully it appears that sometime since I last looked the situation has vastly improved and sanity has prevailed. Now the behaviour is that when there are super-users specified the editing and booting of menu items is restricted to those users except where a menu item is marked as unrestricted.

For the LCFG component this is as simple as this:

!grub2.users_lcfg_kernel mSET(unrestricted)

In the case of the standard lcfg kernel item that’s now the default behaviour so normal users will always be able to boot that item.

At the same time I also took the chance to slightly improve how the list of super users is specified in the grub configuration so that it is now applied to all menu items not just those managed by the LCFG component.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply