*BSD News Article 67903



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!kithrup.com!news.Stanford.EDU!nntp-hub2.barrnet.net!netsys.com!su-news-feed4.bbnplanet.com!enews.sgi.com!news.uoregon.edu!news.rediris.es!sanson.dit.upm.es!jmrueda
From: jmrueda@diatel.upm.es (Javier Martin Rueda )
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: mounting / read-only
Date: 7 May 1996 15:34:34 GMT
Organization: Dpt. Ing. Telematica
Lines: 20
Message-ID: <4mnqia$8o@sanson.dit.upm.es>
References: <4m8b4e$mvl@news.zipnet.net>
NNTP-Posting-Host: gaudi.diatel.upm.es
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 PL2]

> What can it break? Assuming that /var and /tmp are on other
> partitions, and /root is a symlink to my real home-directory.

/etc is another directory that is modified from time to time (to
add/change/delete users, machines, services, etc.).

> Why? To decrease a chance of crash and /-corruption (will it?),
> and for added security...

Supposing you can mount / as read-only, it's because you don't ever
write to it. If you don't write to it, then it cannot get corrupted
because of a system crash, as it won't ever be unsynchronized, and in
that case it does not matter whether it was mounted read-only or
read-write.

With respect to security, you may use chflags and the system-immutable
flag to protect individual files, instead of restricting writes for the
whole partition. Additionally, you may set the security level of the
system to 1 or 2, so that system flags cannot be modified by anybody
while the system is multiuser. (Use sysctl -w kern.securelevel=xx).
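
Added example (not part of the original post): an audit of the two things the last paragraph relies on, the system-immutable (schg) flag on each file and a securelevel of at least 1. The `ls -lo` listing is constructed sample data, the function names are made up here, and file names are assumed to contain no spaces.

```sh
#!/bin/sh
# Constructed sample of FreeBSD `ls -lo` output (not captured from a real host).
# Columns: mode links owner group flags size month day year-or-time name
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg      1048576 May  7  1996 /sbin/init
-rw-r--r--  1 root  wheel  -            1234 May  7  1996 /etc/inetd.conf
-rw-------  1 root  wheel  schg,uarch   2048 May  7  1996 /etc/master.passwd
-rw-r--r--  1 root  wheel  uarch         512 May  7  1996 /etc/hosts'

# Read `ls -lo` lines on stdin; print each file whose flags column lacks schg.
missing_schg() {
    awk '{
        n = split($5, flags, ",")      # flags are comma-separated, "-" if none
        found = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") found = 1
        if (!found) print $NF
    }'
}

# Succeed only if securelevel $1 prevents schg from being turned off.
flags_locked() {
    case "$1" in
        -[0-9]*) return 1 ;;           # negative level: flags are not locked
        ''|*[!0-9]*) return 2 ;;       # not a number
    esac
    [ "$1" -ge 1 ]
}

# Report on one host: `ls -lo` output on stdin, securelevel as $1.
# Returns 0 only when every listed file has schg and the level locks it.
audit() {
    level=$1
    unprotected=$(missing_schg)
    status=0
    if [ -n "$unprotected" ]; then
        echo "no schg flag:"
        echo "$unprotected" | sed 's/^/  /'
        status=1
    fi
    if ! flags_locked "$level"; then
        echo "securelevel $level: root can still clear schg (chflags noschg)"
        status=1
    fi
    return $status
}

# Demo on the constructed listing. On a real FreeBSD host:
#   ls -lo /sbin/init /etc/master.passwd | audit "$(sysctl -n kern.securelevel)"
printf '%s\n' "$SAMPLE_LS" | audit 0 || true
```
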