1. installing
  2. grub shell
  3. configuring
  4. password protection
  5. links
  6. Software RAID

installing

The Debian installer now uses grub by default. If, by chance, you are on a system which is not already using grub:

> apt-get install grub
> grub-install /dev/hda

where /dev/hda is the boot disk.

Debian has an little script to automatically update the boot menu:

> update-grub

Grub maps disks and partitions in a different way than linux. Here are some examples of how it might name disks:

/dev/sda1 --> (hd0,0)
/dev/hda3 --> (hd0,1)
/dev/hdb  --> (hd1)

Every computer will be different. Check the file /boot/grub/device.map to see how grub mapped drives. If it did not map them correctly, or not the way you want, you can just edit the device.map yourself. For example, grub has a hard time guessing correct values for compaq's integrated array controller. So you might set device.map like this:
(hd0)  /dev/ida/c0d0
(hd1)  /dev/ida/c0d1

grub shell

to be written

configuring

But now we need to do a little editing. There is a stanza in menu.lst that is commented out where you can configure options for the automatically generated items. The default kernel options are usually wrong.

Edit /boot/boot/grub/menu.lst and change these lines:

# kopt=root=/dev/hda1 ro
# groot=(hd0,0)

These are commented out because they are used as values when you run update-grub. There are two methods of specifying partitions here. /dev/hda1 is the same disk and partition as (hd0,0), /dev/hdc3 would be (hd2,2). Get it?

groot should equal the /boot partition (the partition which is bootable, regardless if it is mounted as /boot, it might be mounted as /).

kopt=root should be the root partition. might be the same as groot, but probably not.

For more info, read /usr/share/doc/grub/README.Debian. You can now rerun update-grub whenever a new kernel is built, and it will get added to the menu. Note that you need to run grub-install each time a new grub package is installed. In the menu.lst, root is set to /boot, because this is where the kernels are, and then the real root is configured in the kernel options. You would probably do this differently if you were using the grub command line.

password protection

Add a password to the grub configuration. The password is essential so that you cannot interactively edit the grub menu items (either by the menu entry editor or the command line) without the password. This keeps someone from booting your system by adding init=/bin/sh at the end of the kernel line, which would give root access to the system.

First you create a hashed password, the password should be good, as it can be used to gain root access.

grub> md5crypt
Password: **********
Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb.

Then add this line at the top of the grub configuration (using the encrypted line form the above md5crypt command):

password --md5 $1$U$JK7xFegdxWH6VuppCUSIb.

links

we need an grub boot floppy image to put here.

Software RAID

Grub works with software RAID1, so long as grub is installed on each disk.

But there is a problem. Lets say you have sda and sdb. If sdb fails, then if grub is installed on sda then it should boot fine. However, if sba fails, then sdb typically becomes sba. If grub was installed on sdb while it was mapped to device hd1, it will not be able to boot correctly (since there is no longer a hd1).

The trick is to make grub think that it is installing on (hd0) when it is installing on sdb.

# grub
grub> device (hd0) /dev/sdb
grub> root (hd0,0)
grub> setup (hd0)

see lists.us.dell.com/pipermail/linux-poweredge/2003-July/014331.html