For any given Linux system, you'll have at least two boot options. You'll have the option to boot normally and the option to boot into recovery mode. Red Hat-type and Ubuntu-type operating systems are unique, in that they don't overwrite the old kernel when you do an operating system update. Instead, they install the new kernel along with the old one, and all the installed kernels have their own boot menu entries. On Red Hat-type systems, you'll never have more than five installed kernels because once you have five kernels installed, the oldest kernel will be automatically deleted the next time a new kernel is available in a system update. With Ubuntu-type systems, you'll need to manually delete the old kernels by running sudo apt autoremove.

You may also have a dual-boot or a multi-boot configuration, and you might want only certain users to use certain boot options. Let's say that you have a system with both Windows and Linux installed, and you want to prevent certain users from booting into either one or the other. You can do that by configuring GRUB 2, but you probably won't. I mean, a password and user account are required to log in to an operating system anyway, so why bother?

The most realistic scenario I can think of where this would be useful would be if you have a computer set up in a publicly accessible kiosk. You wouldn't want the general public to boot the machine into recovery mode, and this technique will help prevent that.

This technique works mostly the same on both Red Hat-type and Ubuntu-type distros, with a few exceptions. The major one is that we need to disable the submenu on the Ubuntu machine.