# Set Password Protection for Recovery Mode Shell in Ubuntu (GRUB Root Access Security)

Generate a Password Hash:

```
grub-mkpasswd-pbkdf2
```

You'll be prompted to enter your password, and then the command will output the hash.

Edit the GRUB Configuration:

```
sudo nano /etc/grub.d/40_custom
**Add a GRUB Menu Entry:** Add the following lines at the end of the file:
set superusers="root"
password_pbkdf2 root GRUB_PASSWORD_HASH
Replace `GRUB_PASSWORD_HASH` with the password hash generated in step 1.
```

**Update GRUB:** After making changes to the GRUB configuration, update GRUB to apply the changes:

```
sudo update-grub
```

**Reboot Your System:** Reboot your system to apply the changes:

```
sudo reboot
```

After performing these steps, when you boot into recovery mode and try to access the root shell, GRUB will prompt you to enter a username and password. Enter `root` as the username and the password you set earlier. This adds an extra layer of security to your recovery mode shell.

**REMOVE PROCESS:**

To remove the username and password protection from the GRUB bootloader, you need to revert the changes you made in the GRUB configuration. Here's how you can do it:

```
sudo nano /etc/grub.d/40_custom
**Remove the Password Lines:** Delete the lines you added to set the superuser and password. These lines typically look like:
set superusers="root"
password_pbkdf2 root GRUB_PASSWORD_HASH
Remove both the `set superusers` line and the `password_pbkdf2` line.
```

**Update GRUB:** After making changes to the GRUB configuration, update GRUB to apply the changes:

```
sudo update-grub
```

**Reboot Your System:** Reboot your system to apply the changes:

```
sudo reboot
```

After performing these steps, the GRUB bootloader should no longer prompt you for a username and password during boot. The system will boot directly to the default boot entry without any authentication required.