[SOLVED] Make the root file system read-only on RHEL 5.3

[ursusca]

Hello everyone,

I am interested in making the root file system is read-only on RHEL 5.3.
I've moved /var and /tmp file systems to another partitions.
There are two files in the /etc directory that need to be writable. These are:
/etc/mtab
/etc/resolv.conf

I've moved this files to /var and linked it.
I've added command to the /etc/rc.d/rc.local file:
mount -o remount,ro /

That's it.

Are there other solutions to make the root file system is read-only?

[rituraj.goswami]

edit your fstab and put the parameters ro in it.

[ursusca]

edit your fstab and put the parameters ro in it.

I edited my fstab:
LABEL=/ / ext3 ro,defaults 1 1
But unfortunately it didn't help me. After reboot I got rw root file system.

[meton_magis]

I think the defaults may overwrite your request to make it ro. by default, the defaults are activated, you just need to put `ro` in that spot, exclude the `,defaults`

why would you want to make it read only though? Only root can write to it, and if someone has root access, then your root filesystem being writeable is the least of your problems.

[ursusca]

I think the defaults may overwrite your request to make it ro. by default, the defaults are activated, you just need to put `ro` in that spot, exclude the `,defaults`

why would you want to make it read only though? Only root can write to it, and if someone has root access, then your root filesystem being writeable is the least of your problems.

Thank you, meton_magis! But I exluded the `defaults` and I didn't help me. After reboot I got rw root file system. The reasons why I would want to make my root partition read only:
To avoid that power loss or system crash damage the root partition.
To avoid unforeseen errors.

[Rubberman]

I'm not sure you can make the root file system read-only. As for protecting it from power failures or system crashes, if you mount it on an ext3 or other logging file system, then it will not likely be so damaged. In my case, I also keep a backup bit-image of the system drive on an external device so I can easily restore the system to a known-good-state if it ever gets so munged that normal fsck recovery doesn't work. Which reminds me, I need to do that now!

[oz]

I would think that having it read only all the time could become problematic. I keep image backups on hand like Rubberman commented on above, but I actually keep two separate image backups on hand, both on external drives just in case one of them should be found corrupted when it's needed. The added measure of security doesn't take but a few minutes, but could save me many hours down the road.

[ursusca]

Thanks to one guy from CentOS forum I found /etc/rc.d/rc.sysinit script where root is remounted rw. I think there are 2 possibilities to make the root file system is read-only on RHEL 5:
adding remount comand to the /etc/rc.d/rc.local file.
commenting out the line in the /etc/rc.d/rc.sysinit scripts contains the remount.
And I agree that having it read only all the time could become problematic but I simply want to try it.

Thanks everyone for replying!

[oz]

Yes, if you are able to accomplish it, please do report back and let us know how it works out for you because I'm rather curious about it myself.

[ursusca]

Yes, if you are able to accomplish it, please do report back and let us know how it works out for you because I'm rather curious about it myself.

Hello

My dial-up server with read-only root file system has been working fine for over 5 month.