mounting / ro permanently

Richard Lightman richard at reika.demon.co.uk
Thu Jan 25 02:46:11 PST 2001


Misquoted from Erika Pacholleck on 2001/01/24 at 19:04 +0000:
> Some time in my lfs beginning I read that it should be possible
> to mount / ro only. This seemed to me a good idea.
> But I am running against a wall again.
> 
The cost is a bit of extra effort during disaster recovery. The
benefit is an extra hoop for crackers to jump through.

The only problem I foresee is /etc/ioctl.save.
I do not know what it is, but it is modified during the boot
sequence.

dev
    There is a kernel option to mount /dev at boot time,
    without any mention of it in /etc/fstab. It will work
    fine without devfsd so if the compatibility daemon
    gives problems, don't use it. It is easy enough to
    have everything use the new device names. (/etc/inittab,
    /etc/fstab, /etc/X11/XF86Config, gpm, cdda2wav ...)

proc
    no problems. Put this in fstab:
    proc /proc proc defaults 0 0

etc
    ln -s /proc/mounts /etc/mtab
    On the 2.2.x kernels, this will give problems with loop back
    file systems. I have not checked the 2.4.x kernels. You could
    then simplify /etc/init.d/mountfs because it would not have to
    maintain /etc/mtab.

tmp
    This needs to be rw. You may need to mount it earlier in the
    boot sequence, and some disaster recovery tools may need /tmp
    to run.

boot
    Can be ro. May need to be on a different partition
    if your BIOS hates lba32

home,var
    Put these on rw partition(s)

root
    Depends what you keep in there. I only have things like
    .bash_profile which will work happily ro. Bash command
    history will not work, but the only time I log in as root
    is to recover from disasters. The first thing I would then
    do is remount / rw so I could fix the problems. You could
    also try making root's home directory in /home/root, but
    only if you can handle disasters when /home has been trashed.

usr
    This was always intended to be mounted ro. If you have
    anything trying to use /usr/tmp fix it. (try configuring
    with: --sharedstatedir=/var/cache --localstatedir=/var)

opt
    I have only qt, kde, gnome, and speech_tools in /opt,
    and these give no problems. Other stuff should be
    able to live ro in there too.

floppy,cdrom,zip,ls120,...
    no problems: leave on /, or put them in /mnt if you prefer

bin,sbin,lib,mnt
    no problems: leave on / as ro

Richard
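
The layout described in the message above, turned into a check over a /proc/mounts-style table. This is an added example, not part of the original post. The function names and the sample table are constructed for illustration, and /boot is treated as expected-ro although the post only says it can be.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device mountpoint fstype options dump pass).
sample_mounts() { cat <<'EOF'
/dev/hda2 / ext2 ro 0 0
proc /proc proc rw 0 0
/dev/hda1 /boot ext2 ro 0 0
/dev/hda5 /usr ext2 rw 0 0
/dev/hda6 /var ext2 rw 0 0
/dev/hda7 /home ext2 rw,nosuid 0 0
EOF
}

# effective_mode MOUNTS_FILE PATH -> prints ro, rw or absent.
# A directory without its own mount inherits the mode of the longest
# mount point above it; a later entry for the same mount point wins.
effective_mode() {
    awk -v p="$2" '
        { mp = $2
          if (mp == "/" || mp == p || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END {
            if (!best) { print "absent"; exit }
            mode = "rw"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            print mode
        }' "$1"
}

# audit_layout MOUNTS_FILE -> one line per mismatch, exit status 1 if any.
audit_layout() {
    rc=0
    for want in /:ro /usr:ro /boot:ro /tmp:rw /var:rw /home:rw; do
        path=${want%:*}; mode=${want#*:}
        got=$(effective_mode "$1" "$path")
        if [ "$got" != "$mode" ]; then
            echo "MISMATCH $path: want $mode, got $got"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed table; on a live system pass /proc/mounts instead.
demo=$(mktemp) && sample_mounts > "$demo"
audit_layout "$demo" || true
rm -f "$demo"
```

In the sample, /usr is still rw and /tmp has no mount of its own, so it inherits ro from /; both are reported.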


More information about the blfs-support mailing list