
Re: Read-only root (/) except /etc



On Sun, Apr 13, 2008 at 12:04:31PM -0400, Douglas A. Tutty wrote:
> On Sun, Apr 13, 2008 at 03:12:08PM +0000, lists2008@skaro.afraid.org wrote:
>
> > I don't *need* things read-only. I would just rather not *need* to
> > have my root filesystem read-write.
> >
> > I gave some reasons above for why I would like to be able to control
> > if and when the root filesystem is subject to writes.
>
> However, consider: as things stand now, only root can alter files which
> don't have write permissions for others.  Sure, if the filesystem were
> mounted ro then root couldn't write to the files either (or delete
> files).  However, root could always remount / rw.  Therefore there is no
> security in a system once root is compromised whatever you do.  If root
> is not compromised, then standard unix permission scheme will provide
> the security.
>
> Doug.

The trouble is that isn't really true. As long as you have standard
utilities like 'passwd' and 'chsh', normal users can cause the root
filesystem to be modified any time they want.

And in the examples I gave (running root off a DVD or a drive with
hardware write protect), a remount rw will only succeed in getting
write failures logged...

But it isn't just security. It is another file system needing regular
backup, and fewer writes means less likelihood of corruption, e.g. if the
power goes off at the wrong instant.

The files that are a problem are the ones where either a change can
result from user activity (passwd/shadow) or where they are changed
by daemons, such as resolv.conf. I don't mind explicit changes by the
administrator, who can take care of write-protects or reburning media.

Regards,
DigbyT
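As an added illustration of the point in this message (example code, not part of the thread or of any Debian tool): a POSIX shell script that, given a /proc/mounts-style table, reports whether each of the files DigbyT singles out lands on a read-only or a read-write mount. The mount table is constructed to model the layout in the subject line, root on read-only media with /etc on a writable partition; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not code from the thread: classify files by whether the
# mount that holds them is read-only or read-write, using a
# /proc/mounts-style table. SAMPLE_MOUNTS is constructed to model the
# layout in the subject line: root on read-only media, /etc writable.

SAMPLE_MOUNTS='/dev/sr0 / iso9660 ro,relatime 0 0
/dev/sda2 /etc ext3 rw,relatime 0 0
tmpfs /var/run tmpfs rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0'

# Files the mail singles out: written on behalf of ordinary users by
# setuid tools (passwd, chsh) or by daemons (resolv.conf), plus one path
# that lives on the root filesystem itself, for contrast.
PROBLEM_FILES='/etc/passwd /etc/shadow /etc/resolv.conf /usr/bin/passwd'

# mount_opts PATH MOUNTS: print the option string of the mount holding
# PATH. The longest mount point that is a prefix of PATH wins, which is
# how nested mounts resolve (/etc shadows / for anything under /etc/).
mount_opts() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $2
            pre = mp "/"
            if (mp == "/" || p == mp || index(p, pre) == 1) {
                if (length(mp) > length(best)) { best = mp; opts = $4 }
            }
        }
        END { print opts }'
}

# write_mode PATH MOUNTS: print "ro" or "rw" for the mount holding PATH.
write_mode() {
    opts=$(mount_opts "$1" "$2")
    case ",$opts," in
        *,ro,*) echo ro ;;
        *,rw,*) echo rw ;;
        *)      echo unknown ;;
    esac
}

# count_rw MOUNTS FILE...: print how many of the FILEs sit on read-write
# mounts, i.e. how many can still be modified without remounting /.
count_rw() {
    mounts=$1
    shift
    n=0
    for f in "$@"; do
        if [ "$(write_mode "$f" "$mounts")" = rw ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# audit MOUNTS: one line per problem file with its write mode. A file
# reported "ro" is one that a passwd or chsh run, or a daemon rewriting
# resolv.conf, would fail to update (a write error in the log, as the
# mail notes); a file reported "rw" is one the read-only root does not
# protect at all.
audit() {
    for f in $PROBLEM_FILES; do
        printf '%-20s %s\n' "$f" "$(write_mode "$f" "$1")"
    done
}

# Run against the constructed table. To check a live Linux system
# instead, pass "$(cat /proc/mounts)" in place of "$SAMPLE_MOUNTS".
audit "$SAMPLE_MOUNTS"
```

With the constructed table the three /etc files report rw and /usr/bin/passwd reports ro, which is exactly the split the subject line asks for: the read-only root still cannot stop passwd or chsh from writing, because those writes land on the separate /etc mount.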