Nowadays, /etc/grub.d/40_custom provides a nice place for the "set superusers" and "password*" commands
But that's not sufficient, as it requires the allowed boot entries to be marked --unrestricted, which no script appears to support yet. I am adding myself --unrestricted to the CLASS definition in /etc/grub.d/10_linux, but that's clearly a hack, as shown by the system being turned unbootable each time I forget that *I* was the one adding that option and let the package overwrite this script with the new version. With today's infrastructure, it would not be too hard to let the admin add such a flag from /etc/default/grub, maybe with an ADDFLAGS variable that would be usable by more than the 10_linux script (think Hurd/*BSD/memtest*/whatever). Or do I miss something ? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
