GRUB Boot Loader | The Book of Webmin: Or How I Learned to Stop Worrying and Love UNIX

Much like the LILO boot loader discussed in the previous section, GRUB, or the GRand Unified Bootloader, is a boot loader that provides boot selection for any number of Linux kernel revisions and other operating system variants. It is more powerful and flexible than LILO, but also somewhat more complex in operation than LILO. Most modern Linux distributions provide both GRUB and LILO boot loaders, with GRUB being the default. GRUB operates slightly differently than LILO, as it does not have to be rewritten to the MBR anytime the kernel or boot parameters are changed. GRUB knows how to read many filesystem types, and therefore can mount the system boot disk and read in its configuration files and new kernels during the boot process.

Tip

GRUB is extensively documented in the grub info pages. Simply type info grub on the command line to browse the GRUB documentation. More information can also be found on the GRUB home page [http://www.gnu.org/software/grub/].

The main GRUB module page displays each of the currently configured kernels and operating systems that GRUB will list in its boot menu (Figure 14-4). Clicking a kernel will open a new page displaying all of the configured options for that kernel, where they can be edited. Clicking the Edit Global Options button will allow you to configure options that will apply to all bootable kernels and operating systems.

click to expand
Figure 14-4: GRUB Boot Loader

Note

When you click a kernel or OS icon or the Edit Global Options button, Webmin runs GRUB to obtain the details for that kernel or the global configuration details. This process can take 30 seconds or more, because GRUB scans the system for disks and reads in the current boot configuration details.

Global Options

The Global Options page provides access to the options that will apply to all bootable kernels and operating systems, including the kernel to boot by default, password options, and boot timeout (Figure 14-5).

click to expand
Figure 14.5: Global Options

Default boot option

This option allows you to specify the kernel or operating system that will be booted by default, if nothing is selected by the user from the boot menu. This option corresponds to the default directive in the grub.conf configuration file.

Fallback boot option

If the user-selected or default boot option fails because GRUB cannot locate the necessary file, this specifies the kernel or OS that GRUB should attempt to boot. This option correlates to the fallback directive.

Timeout before loading default

When booting, GRUB normally displays a menu of bootable items and waits for a few seconds for the user to select an option. If nothing is selected, the default item will be booted. This timeout is usually ten seconds, but can be made shorter or longer with this option. This option correlates to the timeout directive.

Boot password

If the system will be located in an unsecured environment, and may contain sensitive data, it can be password protected so that even during booting the installed system cannot easily be compromised. This option correlates to the password directive and defaults to none.

Caution

Even if GRUB is configured to require a password, and the operating system has been locked down appropriately, it may still be possible to compromise a system by someone who has physical access to the hardware on which the system is running. If the hardware provides alternate methods of booting, like CD, floppy disk, or USB disks, it may be possible for an attacker reboot the system into their own OS from which they can mount the system disks containing your data. Or, even without the ability to boot directly from another external medium, an attacker could install a hard disk of his own into the system and boot from it instead of your boot. This isn’t likely to be a problem in traditional office environments, but if you operate a public kiosk that gathers user data, or some other publicly available system, it is worth devoting some time to considering the many ways in which an attacker could obtain access to your data.

Install GRUB on disk/partition

This option allows you to specify the disk, and the location on the disk, for where the first stage GRUB boot loader will be installed. The first stage contains only the code needed to read the later stages and configuration details off of the system disks. Normally, it will reside on the Master Boot Record, or MBR, of the first disk in the system, though it can reside on a specific partition (where GRUB itself must be booted by another boot loader) or on other disks. This option corresponds to the directive.

Edit Boot Option

Clicking on a kernel or operating system icon will open the Edit Boot Option page (Figure 14-6), which allows you to configure the boot options for the kernel or operating system specified. Here you may specify the title that will be display on the boot menu and the location of the item to be loaded, and enable password protection.

click to expand
Figure 14-6: Edit boot option

Option title

When GRUB is first loaded, it will display a menu of items that can be booted. This option specifies the title of the item. It is usually used to indicate the name and version of the operating system, but may contain any information you would like to present to the user. This option correlates to the title directive.

Boot image partition

This option allows you to specify the location of the item to be booted. It is not required to be on the same disk or partition as the GRUB boot loader, but it must be contained on a disk and filesystem type that GRUB is able to access. This option corresponds to the root directive.

Operating system to boot

Here you may specify the type of operating system to boot and the filename of the specific kernel to boot if booting a Linux kernel. GRUB supports most operating systems that have their own boot loader, in addition to booting Linux directly. Thus, it is possible to boot Windows operating systems, multiple Linux versions, or BSD operating systems, using the same GRUB menu. Kernel options may be passed to a Linux kernel, by specifying them in the Kernel options field of this section. For example, you may wish to have a menu item entitled Single User that boots your system into single user mode, for emergency maintenance (or resetting the root password, if it is lost). Doing this simply requires you to copy an existing boot entry and add the word single to the end of the list of existing kernel options.

Password locked?

GRUB has relatively fine-grained access control (for a boot loader, anyway), in that you can specify which boot menu items will require a password to boot. This option corresponds to the lock directive. Password protection must be enabled in the Global Options page for this directive to work.