LinuxQuestions.org


ursusca 06-23-2009 03:29 AM

Make the root file system read-only on RHEL 5.3
 
Hello everyone,

I am interested in making the root file system read-only on RHEL 5.3.
I've moved the /var and /tmp file systems to other partitions.
There are two files in the /etc directory that need to be writable. These are:
/etc/mtab
/etc/resolv.conf

I've moved these files to /var and linked them.
I've added a command to the /etc/rc.d/rc.local file:
mount -o remount,ro /

That's it.

Are there any other solutions to make the root file system read-only?

jsteel 06-23-2009 05:39 AM

You could use the file /etc/fstab to mount / as read-only by adding ro (I believe) to the options (separated with commas).

unSpawn 06-23-2009 05:40 AM

Due to lack of provided reasons for requiring this and with total disregard for practical application: 0) SELinux MLS-type policy ;-p, 1) recursive chattr, 2) loopmount a FS from a file, 3) use any write-once medium, 4) use a separate harddisk with write switch (I don't think they exist anymore) or 5) some (FUSE-based) FS overlay?

ursusca 06-23-2009 07:17 AM

Quote:

Originally Posted by jsteel (Post 3583208)
You could use the file /etc/fstab to mount / as read-only by adding ro (I believe) to the options (separated with commas).

I edited my fstab:
LABEL=/ / ext3 ro,defaults 1 1
But unfortunately it didn't help me. After rebooting I got rw root file system.

jsteel 06-23-2009 07:45 AM

Should it not look more like this?

/dev/sda1 / ext3 ro,defaults 0 1

I've not tried this with the root directory before but it works with other devices/partitions.

ursusca 06-23-2009 08:07 AM

Quote:

Originally Posted by jsteel (Post 3583319)
Should it not look more like this?

/dev/sda1 / ext3 ro,defaults 0 1

I've not tried this with the root directory before but it works with other devices/partitions.

Thank you, jsteel! But these options don't influence read/write access.
They are the dump and fsck options. Dump is a backup utility and fsck is a filesystem check utility. Dump checks it and uses the number to decide if a filesystem should be backed up. If it's zero, dump will ignore that filesystem. Fsck looks at the number in the 6th column to determine in which order the filesystems should be checked. If it's zero, fsck won't check the filesystem.

jsteel 06-23-2009 08:57 AM

Sorry I should have mentioned that it was the first bit of the line that I was querying; I was curious as to why you don't have a device mentioned such as sda1. That's just an example line (similar to what I have on my computer).

fpmurphy 06-23-2009 10:51 AM

Quote:

Originally Posted by jsteel (Post 3583379)
Sorry I should have mentioned that it was the first bit of the line that I was querying; I was curious as to why you don't have a device mentioned such as sda1.

LABEL is the partition label. In this case "/".

See http://wiki.linuxquestions.org/wiki/Fstab

anomie 06-23-2009 11:27 AM

@ursusca: Can you explain what you're trying to accomplish? (i.e. I'm doing this because...)

ursusca 06-23-2009 03:43 PM

Quote:

Originally Posted by anomie (Post 3583514)
@ursusca: Can you explain what you're trying to accomplish? (i.e. I'm doing this because...)

Hi anomie
I am looking for solutions to make the root file system read-only on RHEL 5.3. And I'd like to choose the best solution.
I tried modifying /etc/fstab and adding --read-only to the grub boot options. But it didn't help me. That's why I added the remount command in the /etc/rc.d/rc.local file. But thanks to one guy from the CentOS forum I found the /etc/rc.d/rc.sysinit script where the root is remounted rw. I think there are 2 possibilities to make the root file system read-only on RHEL 5:
- adding the remount command to the /etc/rc.d/rc.local file.
- commenting out the line in the /etc/rc.d/rc.sysinit script that contains the remount.
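
The mismatch described in the post above (fstab declares `ro`, yet / is mounted rw once rc.sysinit has run) can be detected by comparing the root entry in fstab with the one in /proc/mounts. This is an added example, not part of the original thread; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Compare the mount options declared for / in an fstab-style file with the
# options the kernel reports in a /proc/mounts-style file.

# root_opts FILE: print the options field (4th column) of the entry whose
# mount point (2nd column) is "/". Comment lines are skipped. When several
# entries match (e.g. "rootfs" and then the real device in /proc/mounts),
# the last one wins, because it is the one mounted on top.
root_opts() {
    awk '$1 !~ /^#/ && $2 == "/" { o = $4 } END { if (o != "") print o }' "$1"
}

# has_ro OPTS: succeed only if "ro" is a whole option in the comma-separated
# list, so "errors=remount-ro" is not mistaken for a read-only mount.
has_ro() {
    case ",$1," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_root FSTAB MOUNTS: print consistent-ro, consistent-rw,
# declared-ro-but-rw or declared-rw-but-ro.
check_root() {
    if has_ro "$(root_opts "$1")"; then d=ro; else d=rw; fi
    if has_ro "$(root_opts "$2")"; then a=ro; else a=rw; fi
    if [ "$d" = "$a" ]; then
        echo "consistent-$d"
    else
        echo "declared-$d-but-$a"
    fi
}

# Constructed sample input: the fstab line quoted in the thread, and a
# /proc/mounts excerpt as it could look after the boot scripts remount / rw.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/fstab" <<'EOF'
# constructed sample
LABEL=/     /     ext3   ro,defaults   1 1
LABEL=/var  /var  ext3   defaults      1 2
EOF
cat > "$SAMPLE_DIR/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext3 rw,data=ordered 0 0
/dev/sda3 /var ext3 rw,data=ordered 0 0
EOF
check_root "$SAMPLE_DIR/fstab" "$SAMPLE_DIR/mounts"
```

On a live system the same check is `check_root /etc/fstab /proc/mounts`, run after boot has finished.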

unSpawn 06-23-2009 03:59 PM

Yes, we already know what you want but not why. Knowing why offers members more insights and chance to correct reasoning or approach or offer other methods.

ursusca 06-23-2009 04:25 PM

Quote:

Originally Posted by unSpawn (Post 3583795)
Yes, we already know what you want but not why. Knowing why offers members more insights and chance to correct reasoning or approach or offer other methods.

To avoid unforeseen errors.

unSpawn 06-23-2009 06:59 PM

Quote:

Originally Posted by ursusca (Post 3583817)
To avoid unforeseen errors.

Like what? Please give some examples and be verbose about it.

ursusca 06-24-2009 01:17 PM

Quote:

Originally Posted by unSpawn (Post 3583922)
Like what? Please give some examples and be verbose about it.

Probably it's funny. But I need to set up a server which will be situated very far from my work office. In this place the Internet connection is very poor and unstable, and sometimes it's absent altogether. The speed of this Internet connection is very low. And on this server I will have time only in critical situations. I have to give the root password to an administrator whose knowledge of Unix/Linux is bad. And I don't want him to do anything wrong. I am planning to set up the server only for getty (mgetty). That's why I think that a read-only file system is a solution for me.

DJ Shaji 06-24-2009 01:30 PM

Quote:

... recursive chattr ...
:) Yeah, there's something interesting to do over the weekend on your 500 GB hard drive :

Honey, pack me another sandwich, I'm gonna chatter away the hard drive ... :)

And, it's very easy to undo too :)

