Clarify use of superusers variable and menu entry access

superusers controls both CLI and editing. Also explicitly mention that empty superusers disables them. "Access to menuentry" is a bit vague - change to "execute menuentry" to make it obvious, what access is granted.
2015-05-30 19:36:41 +03:00 · 2015-05-30 19:36:41 +03:00 · dec7718878
parent fd73b3d008
commit dec7718878
1 changed files with 5 additions and 3 deletions
--- a/docs/grub.texi
+++ b/docs/grub.texi
@ -5428,10 +5428,12 @@ In order to enable authentication support, the @samp{superusers} environment
 variable must be set to a list of usernames, separated by any of spaces,
 commas, semicolons, pipes, or ampersands.  Superusers are permitted to use
 the GRUB command line, edit menu entries, and execute any menu entry.  If
-@samp{superusers} is set, then use of the command line is automatically
-restricted to superusers.
+@samp{superusers} is set, then use of the command line and editing of menu
+entries are automatically restricted to superusers. Setting @samp{superusers}
+to empty string effectively disables both access to CLI and editing of menu
+entries.

-Other users may be given access to specific menu entries by giving a list of
+Other users may be allowed to execute specific menu entries by giving a list of
 usernames (as above) using the @option{--users} option to the
@samp{menuentry} command (@pxref{menuentry}).  If the @option{--unrestricted}
 option is used for a menu entry, then that entry is unrestricted.