#794 Issue `closed`: ALL Grub entries after booting are protected¶

Labels: bug, support / question, fixed / solved / done

shoodle opened issue at 2016-03-10 12:42:¶

Hi,

i commented already on issue #703 but am not sure if anybody will read that.

REAR version: 1.17.2 (newest deb)
OS version: Linuxmint Debian (rolling release with latest updates)

Today i wrote a config file like this /etc/rear/site.conf:

OUTPUT=USB
BACKUP_PROG=rsync
BACKUP_PROG_EXCLUDE=( '/dev/' '/proc/' '/sys/' '/tmp/' '/run/' '/mnt/' '/media/*' '/lost+found' )
BACKUP=NETFS
BACKUP_PROG_INCLUDE=( '/' )
MANUAL_INCLUDE=YES
BACKUP_URL=usb:///dev/disk/by-label/REAR-000
GRUB_RESCUE=1

When the backup finished i found a modified /boot/grub/grub.cfg and a new entry /etc/grub.d/01_users.

The output at the end of rear.log on the USB HD (backup medium):

2016-03-10 11:09:02 USB syslinux version: 6.03
2016-03-10 11:09:02 System syslinux version: 6.03
2016-03-10 11:09:02 No need to update syslinux on USB media (at version 6.03).
2016-03-10 11:09:02 Features based on syslinux version: 6.03
2016-03-10 11:09:02 Using syslinux prefix: boot/syslinux
2016-03-10 11:09:02 Creating rear/indra/20160310.1108/syslinux.cfg
2016-03-10 11:09:02 Creating /rear/syslinux.cfg
2016-03-10 11:09:02 Processing rear/indra/20160310.1024/syslinux.cfg
2016-03-10 11:09:02 Processing rear/indra/20160310.1054/syslinux.cfg
2016-03-10 11:09:02 Processing rear/indra/20160310.1108/syslinux.cfg
2016-03-10 11:09:02 Creating boot/syslinux/extlinux.conf
2016-03-10 11:09:02 Created extlinux configuration 'boot/syslinux/extlinux.conf'
2016-03-10 11:09:02 Including output/USB/Linux-i386/83_copy_kernel_initrd.sh
'/boot/vmlinuz-3.16.0-4-amd64' -> '/tmp/rear.vSe03a2xuun7xrN/outputfs/rear/indra/20160310.1108/kernel'
'/tmp/rear.vSe03a2xuun7xrN/tmp/initrd.cgz' -> '/tmp/rear.vSe03a2xuun7xrN/outputfs/rear/indra/20160310.1108/initrd.cgz'
2016-03-10 11:09:02 Copied kernel and initrd.cgz to rear/indra/20160310.1108
2016-03-10 11:09:02 Saved /var/log/rear/rear-indra.log as rear/indra/20160310.1108/rear.log
2016-03-10 11:09:02 Including output/USB/Linux-i386/85_make_USB_bootable.sh
2016-03-10 11:09:02 No need to update syslinux on USB media (version 6.03).
2016-03-10 11:09:02 Including output/default/94_grub2_rescue.sh
/usr/share/rear/output/default/94_grub2_rescue.sh: line 107: type: grub2-mkconfig: not found
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.16.0-4-amd64
Found initrd image: /boot/initrd.img-3.16.0-4-amd64
Found memtest86+ image: /boot/memtest86+.bin
Found memtest86+ multiboot image: /boot/memtest86+_multiboot.bin
No volume groups found
Found Windows 8 (loader) on /dev/sda1
done
awk: -:19: warning: escape sequence \'' treated as plain''
--- /boot/grub/grub.cfg 2016-03-10 11:09:03.484622439 +0100
+++ /tmp/rear.vSe03a2xuun7xrN/tmp/grub.cfg 2016-03-10 11:09:03.488622439 +0100
@@ -266,3 +266,9 @@
source $prefix/custom.cfg;
fi

END /etc/grub.d/41_custom¶

+menuentry "Relax and Recover" --class os --users "" {

set root='hd0,msdos1'

linux /rear-kernel selinux=0 console=ttyS0,9600 console=tty0

initrd /rear-initrd.cgz

password_pbkdf2 rearadmin REAR

+}

2016-03-10 11:09:03 Modifying local GRUB configuration
'/boot/grub/grub.cfg' -> '/boot/grub/grub.cfg.old'
'/boot/vmlinuz-3.16.0-4-amd64' -> '/boot/rear-kernel'
'/tmp/rear.vSe03a2xuun7xrN/tmp/initrd.cgz' -> '/boot/rear-initrd.cgz'
2016-03-10 11:09:03 Including output/default/94_grub_rescue.sh
2016-03-10 11:09:03 Including output/default/95_copy_result_files.sh
2016-03-10 11:09:03 Copying resulting files to usb location
'/usr/share/rear/conf/templates/RESULT_usage_USB.txt' -> '/tmp/rear.vSe03a2xuun7xrN/outputfs/indra/README'

When i booted my computer ALL menu entries in the grub menu were protected with "username" and "password". When i tried to access an entry with username "rearadmin" and password "REAR" i get the message

Failed to boot both default and fallback entries.

Therefore i cannot access any of the different OS entries in my system!

Booting with a rescue CD and removing /etc/grub.d/01_users and restoring the backup copy /boot/grub/grub.cfg.old to grub.cfg didn't help. (Because of a different os on the CD i couldn't chroot and run grub-config). Only the REAR entry in the Grub menu is removed.

When i read https://help.ubuntu.com/community/Grub2/Passwords i get the impression that something is wrong with the line

password_pbkdf2 rearadmin REAR

in /etc/grub.d/01_users (it should be an encrypted password).

What can I do to get access to my computer again??

gdha commented at 2016-03-10 15:25:¶

According script /usr/share/rear/output/default/94_grub2_rescue.sh you should pass:

if [[ ! "${GRUB_RESCUE_PASSWORD:0:11}" == 'grub.pbkdf2' ]]; then
    StopIfError "GRUB_RESCUE_PASSWORD needs to be set. Run grub2-mkpasswd-pbkdf2 to generate pbkdf2 hash"
fi

Was this set correctly to a hashed password? Or, what went wrong?

shoodle commented at 2016-03-10 15:39:¶

Thank you for your response, gdha.

The newly created /etc/grub.d/01_users has been:

#!/bin/sh
cat <<EOF
set superusers="rearadmin"
password_pbkdf2 rearadmin REAR
EOF

No hashed password

gdha commented at 2016-03-10 15:51:¶

@shoodle I see then the author (@sanderu in ipull request #589) of the script made a mistake in the sense when password_pbkdf2 is used it must be a hashed password, or am I wrong?