LinuxQuestions.org
Old 09-20-2009, 07:05 AM   #1
coffeecoffee
Member
 
Registered: Feb 2009
Posts: 58

Rep: Reputation: 16
I just installed Debian, now how do I make the whole system readonly? (embedded sys)


Hi

I just installed Debian (Lenny) onto a Compact Flash card. This is to be used in an embedded system that only does one thing (runs a custom program). It does not need to be able to write to the disk at all, so I'm hoping to mount the file system readonly or similar. This makes sure that when people turn it off without shutting down properly, it does not cause any problems as the system will still boot up next time as though it had been untouched.

Can anyone explain how or lead me in the right direction as to how to make my current Debian install readonly? Is it simply about setting the appropriate options in fstab?

Thanks.
 
Old 09-20-2009, 07:18 AM   #2
linus72
LQ Guru
 
Registered: Jan 2009
Location: Gordonsville-AKA Mayberry-Virginia
Distribution: PocketWriter/MinimalX
Posts: 5,087

Rep: Reputation: 337
good question

you're running the debian from CF card as a hd installed system or frugal debian-live?
 
Old 09-20-2009, 08:03 AM   #3
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,576
Blog Entries: 31

Rep: Reputation: 1195
Quote:
Originally Posted by coffeecoffee
Is it simply about setting the appropriate options in fstab?
If only!

It is possible to mount /usr read-only relatively easily but / is harder.

Good information to start with here.

I had to do a bit more (this on ubuntu 8.04, debian probably similar).

Beware that /home needs to be writeable if you are going to log in as an ordinary user.

Suggest making an online copy of fstab so it is easier to back out the readonly change by renaming, if you have to recover by booting the likes of Knoppix.

Following from my log. Notes rather than instructions but hope will help some.

Beware (in case NFS mounting anything) init script mountall.sh is not all but all local.

Code:
root@CW8uV:/etc/init.d# diff mtab.sh.org mtab.sh.new
102a103,114
> 	domtab tmpfs /var/log "varlog" -omode=0755,nodev,noexec,nosuid
> 	domtab tmpfs /var/tmp "vartmp" -omode=1777,nodev,noexec,nosuid
> 	domtab tmpfs /var/crash "varcrash" -omode=0755,nodev,noexec,nosuid
> 	domtab tmpfs /var/spool/cups "varspoolcups" -omode=0710,nodev,noexec,nosuid
> 	domtab tmpfs /var/lib/dhcp3 "varlibdhcp3" -omode=0755,nodev,noexec,nosuid
> 	domtab tmpfs /var/lib/xkb "varlibxkb" -omode=0755,nodev,noexec,nosuid
> 	domtab tmpfs /var/lib/gdm "varlibgdm" -omode=0755,nodev,noexec,nosuid
> 	domtab tmpfs /var/lib/nfs "varlibnfs" -omode=0755,nodev,noexec,nosuid
> 
> 	domtab tmpfs /tmp "tmp" -omode=1777,nodev,exec,nosuid
> 	domtab tmpfs /media "media" -omode=0755,nodev,noexec,nosuid
>
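Review bot: the /tmp entry is registered with exec while every other tmpfs in this hunk is noexec, and /tmp is also a world-writable one (mode=1777). If nothing on the box has to run binaries from /tmp, give it -omode=1777,nodev,noexec,nosuid like /var/tmp; if something does, add a comment naming it. These domtab lines also repeat the option strings of the domount calls in mountkernfs.sh, so the two lists have to be kept in step by hand.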
Code:
root@CW8uV:/etc/init.d# diff mountkernfs.sh.org mountkernfs.sh.new.varlog
47a48,59
> 
> 	domount tmpfs "" /var/log -omode=0755,nodev,noexec,nosuid
> 	mkdir /var/log/apparmor
> 	mkdir /var/log/apt
> 	mkdir /var/log/cups
> 	mkdir /var/log/dist-upgrade
> 	mkdir /var/log/fsck
> 	mkdir /var/log/gdm
> 	mkdir /var/log/news
> 	mkdir /var/log/samba
> 	mkdir /var/log/unattended-upgrades
>
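Review bot: the /var/log tmpfs on the domount line has no size= option, so log growth is limited only by the tmpfs default of half of RAM, and a chatty daemon can consume that much memory. Add a size= limit suited to the board. The mkdir calls under it would also be safer as mkdir -p, and every directory here is created by root with no chown or chgrp, so a daemon that writes its log as another user will not be able to use its directory.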
Added touch and mkdir lines to mountkernfs.sh as per this diff.
Code:
root@CW8uV:/etc/init.d# diff mountkernfs.sh.org mountkernfs.sh.new
38a39,99
> 	domount tmpfs "" /var/tmp -omode=1777,nodev,noexec,nosuid
> 	domount tmpfs "" /var/crash -omode=0755,nodev,noexec,nosuid
> 
> 	domount tmpfs "" /var/spool/cups -omode=0710,nodev,noexec,nosuid
> 	chgrp lp /var/spool/cups
> 	mkdir /var/spool/cups/tmp
> 	chmod 1770 /var/spool/cups/tmp
> 	chgrp lp /var/spool/cups/tmp
> 
> 	domount tmpfs "" /var/log -omode=0755,nodev,noexec,nosuid
> 	touch /var/log/dmesg
> 	touch `syslogd-listfiles -a`
> 	if [[ -x /sbin/bootlogd ]]; then
> 		touch /var/log/bootmsg
> 	fi
> 	mkdir /var/log/apparmor
> 	mkdir /var/log/apt
> 	mkdir /var/log/cups
> 	mkdir /var/log/dist-upgrade
> 	mkdir /var/log/fsck
> 	mkdir /var/log/gdm
> 	mkdir /var/log/news
> 	if [[ -x /usr/sbin/privoxy ]]; then
> 		mkdir /var/log/privoxy
> 	fi
> 	mkdir /var/log/samba
> 	if [[ -x /usr/sbin/tor ]]; then
> 		mkdir /var/log/tor
> 	fi
> 	mkdir /var/log/unattended-upgrades
> 
> 	domount tmpfs "" /var/lib/dhcp3 -omode=0755,nodev,noexec,nosuid
> 
> 	domount tmpfs "" /var/lib/xkb -omode=0755,nodev,noexec,nosuid
> 
> 	domount tmpfs "" /var/lib/gdm -omode=0755,nodev,noexec,nosuid
> 	mkdir /var/lib/gdm/.fontconfig
> 
> 	domount tmpfs "" /var/lib/nfs -omode=0755,nodev,noexec,nosuid
> 	mkdir /var/lib/nfs/sm
> 	mkdir /var/lib/nfs/sm.bak
> 	mkdir /var/lib/nfs/rpc_pipefs
> 
> 	domount tmpfs "" /tmp -omode=1777,nodev,exec,nosuid
> 	mkdir /tmp/etc
> 	#Not using DHCP to pick up DNS servers so resolv.conf need not be writeable
> 	#touch /tmp/etc/resolv.conf
> 	#VMs should pick up time directly from host so adjtime need not be writeable
> 	#touch /tmp/etc/adjtime
> 	touch /tmp/etc/mtab
> 
> 	# this is necessary to avoid that the above files are removed later in the boot process
> 	touch /tmp/.clean
> 
> 	domount tmpfs "" /media -omode=0755,nodev,noexec,nosuid
> 	mkdir /media/cdrom0
> 	ln -s /media/cdrom0 /media/cdrom
> 	mkdir /media/floppy0
> 	ln -s /media/floppy0 /media/floppy
> 	mkdir /media/usbdisk
>
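Review bot: the three tests written as if [[ -x ... ]] (bootlogd, privoxy, tor) use a bash construct; if mountkernfs.sh is run by a POSIX /bin/sh such as dash, [[ is not a command, the test fails with an error and the guarded touch and mkdir are skipped. Write them as if [ -x /sbin/bootlogd ]; then. The unquoted touch `syslogd-listfiles -a` line also runs touch with no arguments if that command prints nothing, so guard it. Finally, touch /tmp/etc/mtab only creates the file; the hunk does not show /etc/mtab being pointed at it, so a comment saying where that link is made would help.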
Good luck!
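A way to check the result of the changes in the post above after a reboot, as an added example that is not part of the original post or of the distribution's init scripts: it reads a /proc/mounts-format table and reports whether / is read-only and whether each directory from the diffs is a tmpfs with nodev, nosuid and (except /tmp) noexec. The function names, the sample table and its device name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a /proc/mounts-format table
# against the layout in the diffs: / read-only, the listed directories on
# tmpfs with nodev,nosuid, and noexec everywhere except /tmp.
TMPFS_DIRS="/var/log /var/tmp /var/crash /var/spool/cups /var/lib/dhcp3 \
/var/lib/xkb /var/lib/gdm /var/lib/nfs /tmp /media"

# audit_mounts [FILE]: one FAIL line per problem; exit status 1 if any.
audit_mounts() {
    awk -v dirs="$TMPFS_DIRS" '
    # A later line for the same path wins, as the later mount hides the earlier.
    { fstype[$2] = $3; opts[$2] = "," $4 "," }
    END {
        bad = 0
        if (!index(opts["/"], ",ro,")) { print "FAIL / is not read-only"; bad = 1 }
        n = split(dirs, want, " ")
        for (i = 1; i <= n; i++) {
            mp = want[i]
            if (fstype[mp] != "tmpfs") { print "FAIL " mp " is not tmpfs"; bad = 1; continue }
            if (!index(opts[mp], ",nodev,"))  { print "FAIL " mp " lacks nodev";  bad = 1 }
            if (!index(opts[mp], ",nosuid,")) { print "FAIL " mp " lacks nosuid"; bad = 1 }
            if (mp != "/tmp" && !index(opts[mp], ",noexec,")) { print "FAIL " mp " lacks noexec"; bad = 1 }
        }
        exit bad
    }' "${1:-/proc/mounts}"
}

# Constructed sample table (device name is a placeholder); /var/tmp lacks noexec.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext3 ro,errors=remount-ro 0 0
tmpfs /var/log tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,mode=1777 0 0
tmpfs /var/crash tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /var/spool/cups tmpfs rw,nosuid,nodev,noexec,mode=710 0 0
tmpfs /var/lib/dhcp3 tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /var/lib/xkb tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /var/lib/gdm tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /var/lib/nfs tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,mode=1777 0 0
tmpfs /media tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
EOF
}

sample_mounts | audit_mounts - || true   # prints: FAIL /var/tmp lacks noexec
```

Run with no argument on the target, audit_mounts reads the live /proc/mounts.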
 
Old 09-20-2009, 08:19 PM   #4
coffeecoffee
Member
 
Registered: Feb 2009
Posts: 58

Original Poster
Rep: Reputation: 16
@linus72, it's a complete Linux install, not a live CD, because I need to add my own packages.

Thanks for the help catkin! The link is going to be very useful for me. What about the swap partition though, is there a way to disable it as well or just a tmpfs for the swap?
 
  

