Disable Recovery Option in GRUB Boot Menu
Normally when Ubuntu boots, it is possible to hold the left <SHIFT> key down to access the GRUB boot menu. Among the other entries on the list, is a recovery option for each installed kernel. This allows the user easy access to the file system as the root user, hence invalidating normal run-time security.
To reduce the risk of the system being tampered with in this way, this article describes the process to remove the recovery options from the GRUB boot menu.
Supported Releases
Should work in all Ubuntu releases. Tested from 10.04 (Lucid Lynx) on Ubuntu Desktop and Server editions.
Required Packages
None, as GRUB will already be installed!
Configuration
Log on and become root:
sudo -s
Edit the file /etc/default/grub
and locate the following text:
# Uncomment to disable generation of recovery mode menu entries #GRUB_DISABLE_RECOVERY="true"
Uncomment the option and save the file as follows:
# Uncomment to disable generation of recovery mode menu entries GRUB_DISABLE_RECOVERY="true"
Once saved, regenerate the GRUB configuration for the system:
update-grub
You can now reboot and hold the left <SHIFT> key during boot to display the GRUB menu. The recovery options should be missing.