Clarify use of superusers variable and menu entry access

superusers controls both CLI and editing. Also explicitly mention that
empty superusers disables them.

"Access to menuentry" is a bit vague - change to "execute menuentry"
to make it obvious, what access is granted.
This commit is contained in:
Andrei Borzenkov 2015-05-30 19:36:41 +03:00
parent fd73b3d008
commit dec7718878

View file

@ -5428,10 +5428,12 @@ In order to enable authentication support, the @samp{superusers} environment
variable must be set to a list of usernames, separated by any of spaces,
commas, semicolons, pipes, or ampersands. Superusers are permitted to use
the GRUB command line, edit menu entries, and execute any menu entry. If
@samp{superusers} is set, then use of the command line is automatically
restricted to superusers.
@samp{superusers} is set, then use of the command line and editing of menu
entries are automatically restricted to superusers. Setting @samp{superusers}
to empty string effectively disables both access to CLI and editing of menu
entries.
Other users may be given access to specific menu entries by giving a list of
Other users may be allowed to execute specific menu entries by giving a list of
usernames (as above) using the @option{--users} option to the
@samp{menuentry} command (@pxref{menuentry}). If the @option{--unrestricted}
option is used for a menu entry, then that entry is unrestricted.