[SOLVED] Make the root file system read-only on RHEL 5.3
Hello everyone,
I am interested in making the root file system read-only on RHEL 5.3.
I've moved the /var and /tmp file systems to other partitions.
There are two files in the /etc directory that need to be writable. These are:
/etc/mtab
/etc/resolv.conf
I've moved these files to /var and linked them.
I've added a command to the /etc/rc.d/rc.local file:
mount -o remount,ro /
That's it.
Are there any other solutions to make the root file system read-only?
Due to lack of provided reasons for requiring this and with total disregard for practical application: 0) SELinux MLS-type policy ;-p, 1) recursive chattr, 2) loopmount a FS from a file, 3) use any write-once medium, 4) use a separate harddisk with write switch (I don't think they exist anymore) or 5) some (FUSE-based) FS overlay?
Original Poster
Quote:
Originally Posted by jsteel
Should it not look more like this?
/dev/sda1 / ext3 ro,defaults 0 1
I've not tried this with the root directory before but it works with other devices/partitions.
Thank you, jsteel! But these options don't influence read/write access.
They're the dump and fsck options. Dump is a backup utility and fsck is a filesystem check utility. Dump checks it and uses the number to decide if a filesystem should be backed up. If it's zero, dump will ignore that filesystem. Fsck looks at the number in the 6th column to determine in which order the filesystems should be checked. If it's zero, fsck won't check the filesystem.
Sorry I should have mentioned that it was the first bit of the line that I was querying; I was curious as to why you don't have a device mentioned such as sda1. That's just an example line (similar to what I have on my computer).
Original Poster
Quote:
Originally Posted by anomie
@ursusca: Can you explain what you're trying to accomplish? (i.e. I'm doing this because...)
Hi anomie
I am looking for solutions to make the root file system read-only on RHEL 5.3. And I'd like to choose the best solution.
I tried modifying /etc/fstab and adding --read-only to the grub boot options. But it didn't help me. That's why I added a remount command to the /etc/rc.d/rc.local file. But thanks to one guy from the CentOS forum I found the /etc/rc.d/rc.sysinit script where the root is remounted rw. I think there are 2 possibilities to make the root file system read-only on RHEL 5:
- adding a remount command to the /etc/rc.d/rc.local file.
- commenting out the line in the /etc/rc.d/rc.sysinit script containing the remount.
Yes, we already know what you want but not why. Knowing why offers members more insights and chance to correct reasoning or approach or offer other methods.
Original Poster
Quote:
Originally Posted by unSpawn
Yes, we already know what you want but not why. Knowing why offers members more insights and chance to correct reasoning or approach or offer other methods.
Original Poster
Quote:
Originally Posted by unSpawn
Like what? Please give some examples and be verbose about it.
Probably it's funny. But I need to set up a server which will be situated very far from my work office. In this place the Internet connection is very poor and unstable, and sometimes it's absent altogether. The speed of this Internet connection is very low. And on this server I will have time only in critical situations. I have to give the root password to an administrator whose knowledge of unix/linux is bad. And I don't want him to do anything wrong. I am planning to set up the server only for getty (mgetty). That's why I think that a read-only file system is a solution for me.
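The layout described in this thread (root mounted `ro`, `/var` and `/tmp` on their own writable partitions, `/etc/mtab` and `/etc/resolv.conf` symlinked into `/var`) can be checked with a short script. This is an added example, not code from any poster in the thread; the function names, the sample mounts file and the `/dev/sda*` devices are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the read-only-root layout described in the thread.
# Print the options (4th field) of the LAST entry for mount point $2 in the
# fstab-format file $1; /proc/mounts has the same columns and may list / twice.
mount_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed if mount point $2 carries the "ro" option in file $1.
is_ro() {
    case ",$(mount_opts "$1" "$2")," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Succeed if $1 is a symlink whose target lies under /var/ (off the root fs).
links_to_var() {
    [ -L "$1" ] || return 1
    case "$(readlink "$1")" in
        /var/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Run every check, print one line per finding, return the number of failures.
# $1 = mounts file, $2 = prefix standing in for "/" (empty string on a live host).
audit_ro_root() {
    fails=0
    is_ro "$1" / || { echo "FAIL: / is not mounted ro"; fails=$((fails + 1)); }
    for mp in /var /tmp; do
        [ -n "$(mount_opts "$1" "$mp")" ] && ! is_ro "$1" "$mp" ||
            { echo "FAIL: $mp is not a separate writable mount"; fails=$((fails + 1)); }
    done
    for f in mtab resolv.conf; do
        links_to_var "$2/etc/$f" ||
            { echo "FAIL: /etc/$f is not a symlink into /var"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample data (devices and layout are illustrative, not from the thread).
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf '%s\n' '/dev/sda1 / ext3 ro 0 1' '/dev/sda2 /var ext3 rw 0 2' \
    '/dev/sda3 /tmp ext3 rw,nosuid 0 2' > "$demo/mounts"
ln -s /var/mtab "$demo/etc/mtab"
ln -s /var/resolv.conf "$demo/etc/resolv.conf"
audit_ro_root "$demo/mounts" "$demo" && echo "OK: layout matches the thread's setup"
```

On a live system the call is `audit_ro_root /proc/mounts ""`. The option match is exact, so a root entry with `rw,errors=remount-ro` is reported as writable.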