Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!kithrup.com!news.Stanford.EDU!nntp-hub2.barrnet.net!netsys.com!su-news-feed4.bbnplanet.com!enews.sgi.com!news.uoregon.edu!news.rediris.es!sanson.dit.upm.es!jmrueda
From: jmrueda@diatel.upm.es (Javier Martin Rueda)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: mounting / read-only
Date: 7 May 1996 15:34:34 GMT
Organization: Dpt. Ing. Telematica
Lines: 20
Message-ID: <4mnqia$8o@sanson.dit.upm.es>
References: <4m8b4e$mvl@news.zipnet.net>
NNTP-Posting-Host: gaudi.diatel.upm.es
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 PL2]

> What can it break? Assuming, that /var and /tmp are on another
> partitions, and /root is a symlink to my real home-directory.

/etc is another directory that is modified from time to time (to
add/change/delete users, machines, services, etc.).

> Why? To decrease a chance of crash and /-corruption (will it?),
> and for added security...

Supposing you can mount / as read-only, it's because you don't ever write
to it. If you don't write to it, then it cannot get corrupted because of a
system crash, as it won't ever be unsynchronized, and in that case it does
not matter whether it was mounted read-only or read-write.

With respect to security, you may use chflags and the system-immutable flag
to protect individual files, instead of restricting writes for the whole
partition. Additionally, you may set the security level of the system to 1
or 2, so that system flags cannot be modified by anybody while the system
is multiuser. (Use sysctl -w kern.securelevel=xx).
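
An added example, not part of the original post: a small audit of the two settings the reply recommends, the system-immutable flag (schg) on individual files and a securelevel of 1 or higher. The function names and the listing are constructed for illustration; the listing follows the column layout of FreeBSD's `ls -lo`.

```shell
#!/bin/sh
# Added example, not from the original post.
# On a FreeBSD host the inputs would come from:
#   chflags schg /sbin/init              # set the system-immutable flag
#   ls -lo /sbin/init /bin/sh | audit "$(sysctl -n kern.securelevel)"

# Print the path of every `ls -lo` line on stdin whose flags column
# (field 5) lacks schg. Assumes file names without whitespace.
missing_schg() {
    awk 'NF >= 10 {
        n = split($5, f, ","); ok = 0
        for (i = 1; i <= n; i++) if (f[i] == "schg") ok = 1
        if (!ok) print $NF
    }'
}

# Succeed when securelevel $1 is 1 or higher, the levels at which the post
# says system flags cannot be modified.
flags_locked() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Report both conditions; succeed only if every file has schg and it is locked.
audit() {
    unprotected=$(missing_schg)
    [ -z "$unprotected" ] || printf 'no schg: %s\n' $unprotected
    flags_locked "$1" || echo "securelevel $1: schg can still be cleared"
    [ -z "$unprotected" ] && flags_locked "$1"
}

# Constructed sample in `ls -lo` layout: mode, links, owner, group, flags,
# size, date, name. "-" means no flags; uchg is the user-level flag.
sample_listing() {
    cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg         409600 May  7 15:34 /sbin/init
-r-xr-xr-x  1 root  wheel  -            299008 May  7 15:34 /bin/sh
-rw-------  1 root  wheel  uchg           1024 May  7 15:34 /etc/master.passwd
-r-sr-xr-x  1 root  wheel  schg,nodump   24576 May  7 15:34 /usr/bin/login
EOF
}

sample_listing | audit 0 || true
```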