GRUB reads many file systems without the help of an operating system. An operator can interrupt the booting sequence to choose a different operating system to boot, change boot options, or recover from a system error. However, these functions may introduce serious security risks in some environments. You can add a password to GRUB so that the operator must enter the password to interrupt the normal boot sequence.

	GRUB Passwords Not Required
	You may not require a GRUB password if your system only has trusted operators, or is physically secured with controlled console access. However, if there is a chance someone can get physical access to the keyboard and monitor of your computer, that person can reboot the system and access GRUB. This is where a password is helpful.

To set a boot password, select the Use a boot loader password checkbox. The Change password button will become active. Select Change password to display the dialog below. Type the desired password, and then confirm it by typing it again in the spaces provided.

Figure 7.4. Entering A Boot Password

	Choose a Good Password
	Choose a password that is easy for you to remember but hard for others to guess.

	Forgotten GRUB Passwords
	GRUB stores the password in encrypted form, so it cannot be read or recovered. If you forget the boot password, boot the system normally and then change the password entry in the /boot/grub/grub.conf file. If you cannot boot, you may be able to use the "rescue" mode on the first Fedora Core installation disc to reset the GRUB password.

If you do need to change the GRUB password, use the grub-md5-crypt utility. For information on using this utility, use the command man grub-md5-crypt in a terminal window to read the manual pages.