On Tue, 16 Jul 2002, Cool Penguin wrote:
CP > I want to install a system and freeze it by making all
CP > the file systems read-only. I guess not all
CP > directories can be made read-only. The system will be
CP > used as a DNS and hence no mail or any other daemon/
CP > program would be user based/ associated writing data.
you can check by using lsof to look at what are all the open files.
CP > I think the /var/log and /tmp directories need to be
CP > rw. Is there any other directory that should be rw?
CP > How do I make the rest ro at the file system level
CP > itself without assigning directory permissions as
CP > 0444? Any ideas?
by using the mount option ro in fstab. the fourth field of the fstab file
contains the mounting options. it is usually default; you can change the
default to ro (or, if there are other options there already, just add ro
to the options; hopefully, ro won't conflict with the other options). to
try to see if things will work, you can remount the partitions read only
on the running system by doing
    mount -o remount,ro /dev/blah /usr
if this command fails, that is an indication that something is open for
writing on that partition.
CP > I was thinking of making /var and /tmp as separate
CP > partitions in rw mode and turn all other partitions ro
CP > in fstab. Am I right? have I missed out something?
i believe you are on the right track. i have a bunch of systems (including
this list mail server) where /usr is mounted read-only.
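
The fstab change described in this reply, as an added example that is not part of the original mail: a filter that sets ro in the fourth field of every on-disk entry except the mount points kept writable. The RW_MOUNTS list, the function names and the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rewrite the options (fourth) field of an fstab to "ro" for
# everything except the writable mount points. Reads stdin, writes stdout,
# never touches /etc/fstab itself.

RW_MOUNTS="/var /tmp"   # assumption: the partitions the thread keeps rw

fstab_freeze() {
    awk -v keep="$RW_MOUNTS" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) rw[k[i]] = 1 }
    # comments, blank lines and malformed entries pass through unchanged
    /^[ \t]*#/ || NF < 4 { print; next }
    # swap, virtual filesystems and the writable mount points stay as they are
    $3 == "swap" || $3 == "proc" || $3 == "tmpfs" || $3 == "devpts" { print; next }
    ($2 in rw) { print; next }
    {
        m = split($4, o, ",")
        out = "ro"
        for (i = 1; i <= m; i++) {
            # "defaults" implies rw; an explicit rw or ro would conflict or repeat
            if (o[i] == "defaults" || o[i] == "rw" || o[i] == "ro") continue
            out = out "," o[i]
        }
        $4 = out    # assigning a field rejoins the line with single spaces
        print
    }'
}

# Constructed sample table, not taken from any real system.
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
/dev/hda1  /      ext2  defaults        1 1
/dev/hda2  /usr   ext2  defaults,nodev  1 2
/dev/hda3  /var   ext2  defaults        1 2
/dev/hda5  /tmp   ext2  rw,nosuid       1 2
/dev/hda6  swap   swap  defaults        0 0
none       /proc  proc  defaults        0 0
EOF
}

sample_fstab | fstab_freeze
```

Compare the output with the current table before installing it, and try each partition with the remount command above first.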