Hi

I want my system to be read only. That mean absolutely no writing on any files. No logs no nothing! I have already stopped syslog, but there is still some logs happening ( wtmp, dmesg, ...).

I have only 1 user on the system and the only thing I want him to do is to execute a program I have made. The system will not be connected to the internet.

Thanks

Eric

Read "man mount" and "man fstab".
Edit /etc/fstab



Cheers,
Tink

Fire up a LiveCD then and don't mount any partitions or filesystems as rw, only ro.

That is not an option since my system wont have a CD reader. I have no screen nor mouse either. After the booting process, the user will automatically get logged in and my program will be launched.

Eric

Out of curiosity ... what will the thing be doing?

No input, no output, no storage. To paraphrase Tinkster, "Inquiring minds want to know: What's the point?"

Edit: Consider the "Live CD" answer, above. (Yes, I do remember that you have no CD on the system.) There are two points to think on:

1) The newer GRUBs include a "boot from ISO9660" option (which I've never used) and
2) A "Live CD" sets up its working file system in RAM with the CD/DVD as ro parts thereof.

From point 2 it's clear that you could mount your hard drive "read only" and then use ramfs to put the parts to which Linux needs to be able to write into RAM. Fore example, mount LABEL=/ / -o ro and mount -t ramfs /dev/ram15 /var/log might put the logs into RAM. (Note the "might" -- again, I've never used ramfs, and I find the documentation in man mount unclear about what to use as the device name for ramfs.)

From point 1, it might be possible to boot from a "Live CD" iso image and not have to figure out how ramfs works.

If you go the "Live CD" route, note that Fedora 8 (and other distributions, I think) includes the tools you can use to create your own "Live CD" containing your applications and boot scripts.

Controlling a radar



Well I think I'm gonna read mount and fstab afterall.

Eric

That's a great idea, something you should have already done. It's usually also a good idea to provide as many details as possible so people like me are sure to not give suggestions to only find out you won't have a cdrom or anything.. it would have saved me some time in my response.

And...
Did you try as read only?

Well I did some change in my /etc/fstab file.

I've changed the mount option from default to: ro,suid,dev,exec,auto,nouser,async.

Then I reboot and guess what... nothing happened.. Everything is like before. So I undo my changes and put back the default mount option. I rebbot and guess what... everything is now read-only. I check my /etc/fstab file and the default option is still there...

So, seems like it is working, but I really don't know why.


Also, how can I be sure nothing has been written on my disk since the last reboot? I saw on a page someone using the command find with the -newer option .

Or find with -cmin


find / -cmin -(minutes since reboot)


Cheers,
Tink