I know you posted this back in May, but I found some stuff that might help anyone looking at this article. I have the same exact problem, and I have not found a true fix for my symptoms yet, but I figured I would post some of my findings.
First, the trick with running some apt-get
updates can be found here:link.
I modified mine a bit based on some other articles I read, and also because I encountered one error message with the cp command while trying to copy:
(This is assuming you did the first two steps from the link above and are running from a Live CD that you booted from)
sudo mkdir /media/precise
sudo mkdir /media/precise/proc /media/precise/dev /media/precise/etc
sudo mount /dev/sda1 /media/precise
sudo mount -o bind /proc /media/precise/proc
sudo mount -o bind /dev /media/precise/dev/
sudo mount -o bind /dev/pts /media/precise/dev/pts
sudo cp --remove-destination /etc/resolv.conf /media/precise/etc/resolv.conf
sudo chroot /media/precise apt-get update
sudo chroot /media/precise apt-get upgrade
sudo chroot /media/precise apt-get update --fix-missing
sudo chroot /media/precise dpkg --configure -a
sudo chroot /media/precise dpkg-reconfigure keyboard-configuration
sudo chroot /media/precise apt-get -f install
The reason I had to add the --remove-destination
is because I was getting an error message that read something to the effect of:
cp: not writing through dangling symlink path/to/danling/symlink/a-file
(found the solution for that here: force cp to copy on dangling symlinks)
Secondly, it wasn't until the OS booted that the problem presented itself (hence why the Live Disk worked just fine). So, choosing different option in Grub was possible. I had gone back by two kernels and still had the problem.
Finally, while working on it with someone else at work, he had looked the computer the day before, and said that he booted back several kernels and got into command line, but not GUI. This was a great start because I had an Apache Web Server I needed to get up and available for people again ASAP. So, right now, the machine is running on an old kernel with a broken GUI but apparently working CLI and I am not sure what to do next. Try to remove the kernel? Remove and reinstall X? Not totally sure, but at least its a start, and maybe the link and code I listed above will be a fix for someone else with this problem.
Best Answer
Grub allows you to password protect its config and console, as well as individual operating system entries. Please note that this will not stop dedicated individuals, especially the ones that know what they are doing. But I assume you know that. Lets get started.
generate a password hash..
You could store your grub password in plain text but that is entirely insecure and anyone that had access to your account could quickly figure it out. To prevent this we hash the password using the
grub-mkpasswd-pbkdf2
command, like so:While you type your password no characters will show in the terminal, this is to prevent people looking over your shoulders, etc. Now, copy the entirety of your hash with Ctrl+Shift+C.
protecting the config, console..
Run:
This will create a new configuration file called
40_custom
in grub's configuration directory. Now add the lines:Where
username
is a username of your choice andhash
is the hash we generated in the last command. Press Ctrl+O and then Ctrl+X to save and quit. Run:To finalize the changes. Now, when anyone attempts to edit the grub configuration or access a grub console it will prompt them for a username and password.
password protecting operating system entries..
Currently the only method to achieve this I can find is to edit the
/boot/grub/grub.cfg
manually. This is only temporary however as any new kernel update will rewrite this file and your passwords will be gone (note that this doesn't effect the console/editing password we set above). All other methods I have found so far are extremely out of date and I can no longer get them to work.I've asked the grub mailing list if there is a newer method and will edit this answer as soon as I find out.