[CentOS] read only root file system
Filipe Brandenburger
filbranden at gmail.com
Mon May 26 22:15:16 UTC 2008
On Sun, May 25, 2008 at 7:47 PM, Karanbir Singh <mail-lists at karan.org> wrote:
> Linux wrote:
>> A cd-rom can provide security as a readonly mount, but readonly
>> mounted ordinary filesystem/disk means almost nothing. Don't you read
>> comments like "administrator remounts read-write"? Why?
>
> If your blockdev is exposed to the OS as 'ro', your administrator can go
> jump off a cliff if he wants, he's not getting +w on there.

Hmmm... interesting.
Is there a way to force the OS to see a SCSI disk or partition as a
"ro" blockdev like this? Nobody who doesn't have physical access
cannot write to the root filesystem. And yet you might be able to
reboot the machine (in "rw" mode, maybe another entry in grub menu?),
do your updates, and reboot the machine again turning it read-only. It
would be very useful indeed from the security point of view.
Thanks,
Filipe