Clarify use of superusers variable and menu entry access

superusers controls both CLI and editing. Also explicitly mention that
empty superusers disables them.

"Access to menuentry" is a bit vague - change to "execute menuentry"
to make it obvious, what access is granted.

diff --git a/docs/grub.texi b/docs/grub.texi
index 88bd75f386a513783b1d4703528f2996c868b2ad..b9f41a73ec2346911f4c953afd38dc81e0c33a40 100644 (file)
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5428,10 +5428,12 @@ In order to enable authentication support, the @samp{superusers} environment
 variable must be set to a list of usernames, separated by any of spaces,
 commas, semicolons, pipes, or ampersands.  Superusers are permitted to use
 the GRUB command line, edit menu entries, and execute any menu entry.  If
-@samp{superusers} is set, then use of the command line is automatically
-restricted to superusers.
+@samp{superusers} is set, then use of the command line and editing of menu
+entries are automatically restricted to superusers. Setting @samp{superusers}
+to empty string effectively disables both access to CLI and editing of menu
+entries.
 
-Other users may be given access to specific menu entries by giving a list of
+Other users may be allowed to execute specific menu entries by giving a list of
 usernames (as above) using the @option{--users} option to the
 @samp{menuentry} command (@pxref{menuentry}).  If the @option{--unrestricted}
 option is used for a menu entry, then that entry is unrestricted.