Without the GRUB Password, anyone can edit the kernel parameters and boot into single-user mode and enable them to log as root.
Step 1:
Use grub-md5-crypt command encrypt password in MD5 format:
# grub-md5-crypt
Password:
Retype password:
$1$gBrNd/$QccThGN4QFPdOiOtaTl.c0
Step 2: Edit GRUB configuration file
# vi /boot/grub/menu.lst
Insert this line into /boot/grub/menu.lst
password --md5 $1$gBrNd/$QccThGN4QFPdOiOtaTl.c0
Something like this....
# grub.conf generated by anaconda
#........
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$H7tNd/$GEYVMUDHmIkhb4xwNwywR.
title CentOS (2.6.18-164.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.el5.img
It's done. Horray