
Re: Read-only root (/) except /etc



On Sun, Apr 13, 2008 at 01:40:46AM +0200, Kim N. Lesmer wrote:
> On Fri, 11 Apr 2008 23:18:08 -0400
> Daniel Dickinson <cshore@wightman.ca> wrote:
>
> > Is it possible to have /etc on a separate partition from / (root) so
> > that root can be read-only while /etc is read-write?
>
> No. You have a lot of other stuff to think about such as /var/log
> and /tmp.
>
> Perhaps you should look into making a livecd/dvd that suits your needs?
>
> > Regards,
> >
> > Daniel

The need to have the root filesystem mounted r/w annoys me too. My
ideal scenario is to be able to have everything read-only except /home
(for user file modification) and /var (for all files the system wants
to modify). It's great for security (especially if you have hardware write
protect on your hard drives) and for simplifying backups (no need to look at
the read-only ones).

The hard part is that the root filesystem is supposed to have everything
necessary for running the system, particularly during the early boot
process... (for example, /etc/fstab is needed to identify the other
filesystems that need to be mounted, so it's no good having that on another
filesystem).

On my current system I boot with everything read-only except root, var
and home. I.e. /usr and /usr/local are all read-only. I have /tmp as a
symlink to /var/tmp so that the root filesystem rarely gets written to.
(There is a /var/tmp on my root filesystem so that /tmp is usable even
before the var filesystem gets mounted on top of it).

All that really remains to allow me to keep the root filesystem read-only
is to identify all the files in /etc that are user modifiable (such as
/etc/passwd and /etc/shadow) and come up with a way to move them - such
as with a symlink to /var/etc... 

The remaining files are only modified by the super user, who can be
expected to do a mount -o remount as required.

Regards,
DigbyT
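The layout DigbyT describes (root and /usr read-only, /var and /home read-write, writable /etc files relocated under /var/etc) is easy to reason about by hand for one or two files, but the "identify all the files in /etc that are user modifiable" step is where mistakes creep in. The following added example, written for this page and not taken from the thread or from any Debian tool, parses a constructed sample fstab and reports whether a given path would land on a read-only or read-write filesystem, then lists which of a set of must-be-writable files still need relocating. The fstab contents, device names and the /var/etc path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Decide, from an fstab, whether a
# path would sit on a read-only ("ro") or read-write ("rw") filesystem, using
# the longest-prefix mount point match, and list files that would need moving.

# Constructed sample fstab mirroring the layout described in the thread:
# root and /usr read-only, /var and /home read-write. Device names are made up.
FSTAB_SAMPLE='# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1 / ext3 ro,errors=remount-ro 0 1
/dev/sda2 /var ext3 rw,nosuid,nodev 0 2
/dev/sda3 /home ext3 rw,nosuid,nodev 0 2
/dev/sda4 /usr ext3 ro,nodev 0 2
proc /proc proc defaults 0 0'

# mount_mode PATH [FSTAB_TEXT]
# Prints "ro" or "rw" for the filesystem PATH would live on. The mount point
# with the longest matching prefix wins, as with real mount nesting. If the
# options contain neither "ro" nor "rw", mount(8) defaults to read-write.
mount_mode() {
    path=$1
    fstab=${2:-$FSTAB_SAMPLE}
    printf '%s\n' "$fstab" | awk -v p="$path" '
        /^[[:space:]]*#/ || NF < 4 { next }          # skip comments and junk
        {
            mp = $2
            # "/" matches every path; otherwise PATH must equal the mount
            # point or start with "<mount point>/" (so /var does not match
            # /variants).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); opts = $4 }
            }
        }
        END {
            mode = "rw"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "ro" || o[i] == "rw") mode = o[i]
            print mode
        }'
}

# files_needing_relocation FILE...
# Prints each FILE whose filesystem would be read-only under the sample
# layout; these are the candidates for a symlink into /var/etc (or similar).
files_needing_relocation() {
    for f in "$@"; do
        [ "$(mount_mode "$f")" = ro ] && printf '%s\n' "$f"
    done
    return 0
}

# Usage: check a few files the system or users are expected to write.
files_needing_relocation /etc/passwd /etc/shadow /var/log/syslog /home/daniel/.profile
```

Running it prints /etc/passwd and /etc/shadow, the two files the mail singles out, while the /var/log and /home paths are already on writable filesystems. Pointing the second argument of mount_mode at the contents of a real /etc/fstab (for example `mount_mode /etc/resolv.conf "$(cat /etc/fstab)"`) gives the same answer for an actual layout; note that it reads the intended options from fstab, not the live mount table, so a remount done by hand will not show up.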

