Below is the GRUB menu where we are planning to put the password so that no one logs in to single user mode without permission
As you can see by default anyone can press “e” and edit the grub menu to enter single user mode
Login as root and run the below command. When prompted, provide the grub password to be used
# grub-md5-crypt Password: Retype password: $1$KYWqk1$cyrEcj8xXtctko70sSowx.
Next edit the GRUB configuration file /etc/grub.conf and add a new entry as shown below after timeout parameter in the main section.
Replace <password-hash> with the value returned by grub-md5-crypt above
# less /etc/grub.conf default=0 timeout=5 password --md5 $1$KYWqk1$cyrEcj8xXtctko70sSowx. splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu
Next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing p followed by the GRUB password.