Old 04-19-2009, 03:18 AM   #1
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 899

Rep: Reputation: 70
How to make root file system be read-only?


Hi all,

I may be nuts, or paranoid, but it's not as if I have the reputation of a "guru" to lay on the line here. :-)

I have been trying to edit my fstab file so as to mount my main, system partition read-only by default. So far, however, I have failed to achieve this seemingly simple objective. I have exhausted the advice given to me here by others; nothing has worked. Now I need some independent third party/parties to double check my findings for themselves and report back here.

I have tried this on two different bang-up-to-date distros with the same results. Their kernels aren't the same, but the results are. I will post the kernel details on request if necessary, but please try this for yourselves first to ensure I haven't made some STOOPID mistake!

Here's what to do:

Edit your fstab in any way you please to make it so your main, system partition is mounted read-only on boot-up.

Check with "mount" after re-booting that this has taken effect.

Now try to write/save something to the filesystem on this partition.

Please let me know what happens!

NB, very latest kernels only, please.
 
Old 04-19-2009, 03:27 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by Completely Clueless
Hi all,

I may be nuts, or paranoid, but it's not as if I have the reputation of a "guru" to lay on the line here. :-)

I have been trying to edit my fstab file so as to mount my main, system partition read-only by default. So far, however, I have failed to achieve this seemingly simple objective. I have exhausted the advice given to me here by others; nothing has worked. Now I need some independent third party/parties to double check my findings for themselves and report back here.

I have tried this on two different bang-up-to-date distros with the same results. Their kernels aren't the same, but the results are. I will post the kernel details on request if necessary, but please try this for yourselves first to ensure I haven't made some STOOPID mistake!

Here's what to do:

Edit your fstab in any way you please to make it so your main, system partition is mounted read-only on boot-up.

Check with "mount" after re-booting that this has taken effect.

Now try to write/save something to the filesystem on this partition.

Please let me know what happens!

NB, very latest kernels only, please.
It's not gonna be as simple as saying "mount / read-only". You're gonna need to do additional work, such as creating links to writeable file systems for files that need to be, well, writeable. Your best bet might be to download a live distro that runs with its root file system on the CD-ROM and see how they do it. One example of such a distro is Devil-Linux. Also, keep in mind that making your root file system be read-only doesn't really accomplish much with regards to security. If your box is rooted, the attacker simply needs to remount the file system read-write. I guess what I'm saying is, make sure you understand that a read-only file system is not the same as read-only media.

EDIT: BTW, I've edited the thread title to something a bit more sensible.

Last edited by win32sux; 04-19-2009 at 03:46 AM.
 
Old 04-19-2009, 04:20 AM   #3
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 899

Original Poster
Rep: Reputation: 70
Quote:
Originally Posted by win32sux
It's not gonna be as simple as saying "mount / read-only".
Well there's still some part of the puzzle missing. I'm simply inviting people to perform this test for themselves and report back their findings. Better to scare a few people unnecessarily-temporarily than to have them genuinely exposed to severe risk through saying nowt.
 
Old 04-19-2009, 04:59 AM   #4
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 899

Original Poster
Rep: Reputation: 70
I feel I should also point out that when a user specifies that the partition he wants to mount be mounted as READ-ONLY, and the operating system confirms that this HAS INDEED BEEN DONE - that he should be able to RELY on this confirmation, without subsequently finding out to his horror - as I have - that the bloody thing remains writable!!!
 
Old 04-19-2009, 05:04 AM   #5
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
If I mount a partition using fstab on my system ro, then it is ro, impossible to write to it.


Code:
repo@cannabis:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux unstable (sid)
Release: unstable
Codename: sid
repo@cannabis:~$ uname -a
Linux cannabis 2.6.26-2-686 #1 SMP Thu Mar 26 01:08:11 UTC 2009 i686 GNU/Linux
repo@cannabis:~$
 
Old 04-19-2009, 05:08 AM   #6
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 899

Original Poster
Rep: Reputation: 70
Quote:
Originally Posted by repo
If I mount a partition using fstab on my system ro, then it is ro, impossible to write to it.
Thanks, Repo. Good ol' Debian!
Btw, the two distros I refer to where I have been unable to make read-only sticky, are PCLinuxOS and Linpus. I haven't tried this with any others; although I have tried these distros with other machines and got the same failure.

Actually, I think I'll just install Ubuntu 8.1 (Debian based) and see if I still have the same problem.....

Last edited by Completely Clueless; 04-19-2009 at 05:10 AM.
 
Old 04-19-2009, 05:31 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by repo
If I mount a partition using fstab on my system ro, then it is ro, impossible to write to it.
Keep in mind the OP is referring to the root partition specifically.
 
Old 04-19-2009, 05:31 AM   #8
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Quote:
Keep in mind the OP is referring to the root partition specifically.
I have mounted / ro
 
Old 04-19-2009, 05:34 AM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by repo
I have mounted / ro
Cool. Can you post your mount/fstab output? Also, how did you handle /tmp and /var?
 
Old 04-19-2009, 05:40 AM   #10
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
/tmp and /var are separate partitions
mount however kept giving mounted rw, but it was ro

Code:
/dev/sdb5       /               ext3    noatime,nodiratime,ro,errors=remount-ro 0       1
 
Old 04-19-2009, 06:00 AM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by repo
/tmp and /var are separate partitions
I suspected that.

Quote:
mount however kept giving mounted rw, but it was ro
My guess is that is due to /etc/mtab not being able to be updated, since at that point the file system is read-only. If that's the case, then replacing /etc/mtab (after backing it up) with a link to /proc/mounts should do the trick, methinks.
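
The mismatch discussed in the last two posts (mount reporting rw while the kernel has / mounted ro) can be checked by comparing /etc/mtab with /proc/mounts. The script below is an added example, not part of the original thread; the function names `mount_state` and `compare_views` are hypothetical and the sample lines are constructed, modelled on the fstab entry posted above.

```shell
#!/bin/sh
# Added example: compare the kernel's mount table with /etc/mtab.

# mount_state FILE MOUNTPOINT
# Prints "ro", "rw" or "unknown" for MOUNTPOINT, reading a mounts-format
# file (device mountpoint fstype options dump pass).
mount_state() {
    awk -v mp="$2" '
        $2 == mp {
            state = "rw"
            n = split($4, opts, ",")
            # Match whole options only: "errors=remount-ro" is not "ro".
            for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
            last = state   # later entries are mounted on top of earlier ones
        }
        END { print (last == "" ? "unknown" : last) }
    ' "$1"
}

# compare_views KERNEL_FILE TABLE_FILE MOUNTPOINT
# Prints "consistent:<state>" when both files agree, otherwise
# "stale:kernel=<state>,table=<state>".
compare_views() {
    k=$(mount_state "$1" "$3")
    t=$(mount_state "$2" "$3")
    if [ "$k" = "$t" ]; then
        echo "consistent:$k"
    else
        echo "stale:kernel=$k,table=$t"
    fi
}

# Constructed sample data: an mtab that could not be rewritten after / went
# read-only, next to what the kernel reports for the same mount point.
sample=$(mktemp -d)
printf '%s\n' '/dev/sdb5 / ext3 rw,noatime,nodiratime,errors=remount-ro 0 0' \
    > "$sample/mtab"
printf '%s\n' 'rootfs / rootfs rw 0 0' \
    '/dev/root / ext3 ro,noatime,nodiratime,errors=remount-ro 0 0' \
    > "$sample/proc_mounts"
compare_views "$sample/proc_mounts" "$sample/mtab" /
rm -rf "$sample"
# On a live system: compare_views /proc/mounts /etc/mtab /
```

A "stale" result means the table file is out of date and the kernel's view in /proc/mounts is the one to trust; it says nothing about whether root could remount the file system read-write.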
 
  

