Ed Morrison wrote: > <snip> > > If possible, get / to the state where it is mounted read only. > </snip> > > Feizhou, > > If you wouldn't mind, could you expand on this a little...i.e. how would > you set this up? Consequences for doing so? It really is getting /usr, /var and /tmp out of the way (them tmp directories) and then getting to a state where system wide configuration (/etc) is infrequent. The consequences will be the need to remount / to be writable for any system changes like adding a user or changing a config and then remounting read-only again. Moving non boot services and their configs off / would help in this regard.