Is it possible to setup read-only root ?

Bill Davidsen davidsen at tmr.com
Mon Jul 2 17:35:00 UTC 2012


Reindl Harald wrote:
>
>
> On 01.07.2012 19:32, Joe Zeff wrote:
>> On 07/01/2012 10:23 AM, John Wendel wrote:
>>> Extra security is certainly a plus. My main reason for wanting to run a
>>> read-only root is to avoid wearing out the consumer grade compact flash
>>> card that I'm using as my root device (yes, I'm cheap).
>>
>> I'd suggest, then, using a distro that doesn't update as frequently as Fedora.  /sbin is on the root device and
>> you'd need to set it to rw every time one of its programs gets updated.  Also, if you're using Fedora, have a
>> separate /boot that's not on that card to make kernel updates easier.
>
> I do it the other direction
>
> /var/cache, /var/lib, /boot, /var/tmp, /var/log and /tmp on own partitions
> or in case of virtual machines even on drives because I can have rootfs as
> small as possible without fearing it gets full
>
What does that buy? If /tmp fills many things stop working even if it is on a 
non-root filesystem. And to the extent that applications and services depend on 
the other trees you mention breakage will occur, although far fewer things will 
be broken filling anything other than /tmp.

> this would have the same effect without the problem of having to
> remember to remount rw before updates
>
> with "yum-plugin-security" and "yum update --security" you can
> even on Fedora minimize updates most of the time if you really
> want while you can update packages selectively from the normal
> repos if an update fixes a bug which affects you
>
>
>


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot



