Open CorneelVanMoll opened 1 month ago
Do you want your end user to only interact with the Live Environment, or do you want to allow them to also be able to install the OS to the computer?
This is the Grub menu from the Live Environment. Is this what you want to control (or are you trying to control the Grub menu, after the OS is installed?)
Also do you want to prevent the user from selecting certain options from the above menu, or you want to prevent them from editing the options by pressing the e
key?
Do you want your end user to only interact with the Live Environment, or do you want to allow them to also be able to install the OS to the computer?
Do you want to prevent the user from selecting the "Rescue mode" option in Grub from the Live Environment, or do you want to prevent them from editing the grub options (by pressing
e
on the Grub menu)?
Hi, another student here working on the same project. First of all thanks for you quick response!
We are trying to create a live environment for end user to use straight from a USB-stick, so no installs are being done.
To prevent single-user mode, grub entries should indeed not be editable by pressing e
or tab
in the menu.
Skipping the grub-menu altogether and booting straight into the Live System would also be great. Both problems have to be fixed through grub configuration we believe.
Just so you have a concrete idea of what we are trying to do, these are the steps that we followed to successfully disable single-user boot and skip the boot menu (in a normal, non-live debian install):
# Ask, hash and set a root password
read -s -p "Enter password: " passw
HASHPW=$(echo -e "$passwd\n$passwd" | LC_ALL=C /usr/bin/grub-mkpasswd-pbkdf2 | awk '/hash of / {print $NF}')
echo "set superusers=root" | tee -a /etc/grub.d/40_custom
echo "password_pbkdf2 root $HASHPW" | tee -a /etc/grub.d/40_custom
sed -i '/^CLASS=/ s/"$/ --unrestricted"/' /etc/grub.d/10_linux
# Set the grub-menu timeout to 0 and disable it:
# We set GRUB_TIMEOUT=0 and add the line GRUB_DISABLE_SUBMENU=y to /etc/default/grub
sed -i '/GRUB_TIMEOUT/c\GRUB_TIMEOUT\=0' /etc/default/grub
sed -i '/GRUB_DEFAULT/iGRUB_DISABLE_SUBMENU\=y' /etc/default/grub
Thanks you so much!
First, you must understand there are two Grub menus you have to deal with.
The Grub menu for the Live system is managed on the Boot tab of the Options page in Cubic.
apt remove
on the Terminal page, since you do not want the user to ever install your customized OS).Hi
We have already been able to remove all menu entries except Live Mode successfully. Setting the Grub-Menu timeout to 0 or setting a password for editing grub-menu entries proved harder.
Our project is due in 4 days. However it is no big problem if we cannot figure it out so please do not feel pressed. Our research on the topic is more important than the final product we present.
Have a nice day!
Not sure this will work, but you might try simply removing the rescue.service
file.
/usr/lib/systemd/system/rescue.service
Theoretically, if a person does edit the boot menu and enables rescue mode, it won't work.
(Of course, someone could reinstall this in the live environment, so if it does work, it may not be 100% fool proof).
We are students trying to create a custom live boot with Cubic, the application has been fantastic so far however we have come across an issue that seems more complex to fix.
We need to prevent users of the live system to access the single user mode as they should not be allowed to have root access.
What we tried:
Expected behavior
Users of the live system are not able to have root access without the root password.
OS Information (please complete the following information):
Cubic Information (please complete the following information):
Download Link: https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-12.5.0-amd64-gnome.iso
Thanks in advance!