My grub file looks like this:-

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,5)
# kernel /boot/vmlinuz-version ro root=/dev/sda6
# initrd /boot/initrd-version.img
#boot=/dev/sda
password --md5 <some hash>
default=1
timeout=5
splashimage=(hd0,5)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.el5)
root (hd0,5)
kernel /boot/vmlinuz-2.6.18-194.el5 ro root=LABEL=/ rhgb quiet
initrd /boot/initrd-2.6.18-194.el5.img
title Windows XP
rootnoverify (hd0,0)
chainloader +1

I understand the md5 password protects recovery mode options but why is it specifically placed at the begining of everything?

If I place it after "title Centos" line then it asks for password again.. so is this standalone instruction which makes the system to ask for password depending on the location of its placement?

Please explain other possible placements of this "password --md5 <value>" line in the code and its results.

From memory, placing it at the top requests a password to modify boot options, placing it after a Title will prompt for a password to boot that item.

1 members found this post helpful.

Placing the password at the top will instruct the grub to stop the editing or passing parameters to the kernel via the grub. ( Example entering the single user mode )

Placing the password below the title will ask for a password before booting the OS. lets suppose you do not want to boot into a non-secured OS or any recover mode etc you can set a password there.

I do not think there are other places you can place the password.

1 members found this post helpful.

Got it..Thanks a lot! These replies solved the doubt.. :-)