read-only root partition?

Clark C . Evans cce at clarkevans.com
Wed Feb 27 22:55:41 GMT 2002


Thank you.  Any suggestions as to how to do this would
be great.  Here is an idea that I've had.

There are three considerations that I have:

 - vinum (software RAID) cannot protect your boot partition
   since it is a kernel module and hence can't protect loading
   the OS kernel (chicken and egg problem).
 
 - I'm building a web farm and just about everything
   is static, no new users, etc.  It'd be nice to 
   frustrate any crackers by making the root partition
   read-only.

 - I was thinking that it would be very neat to have
   the OS plus /usr and the server software be on a
   CD-ROM.   So, to upgrade a server box I just simply 
   switch CD-ROMs.  

It sounds like the predictable outstanding issues are
(thanks to Paul and Jeff)...

 - /etc/motd gets updated at boot time, but you can turn 
   that off in rc.conf
 
 - if you are using /etc/fbtab then /dev/console won't update,
   there may be other /dev issues  (tty files)

 - if you are using DHCP then dhclient will want to update
   /etc/resolv.conf

Sounds like there is some playing.  Also, it seems that
to transfer the boot to CD-ROM, I'll have to get everything
working on /da0s1a before I cut the CD-ROM.  Thus, entries
pointing to /da0s1a need to point to the partition on the
CD-ROM.   In general, how do you make bootable CD-ROMs?

Thank you so much for your feedback!  Any other ideas
would be cool!

;) Clark
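
As an added example (not part of the original post, and not FreeBSD's own tooling): a POSIX sh pre-flight check for the boot-time writers listed above, run against a staged copy of /etc before the CD is cut. The function names and the staged-directory argument are assumptions; `update_motd`, `ifconfig_<if>="DHCP"` and the fstab `ro` option are standard FreeBSD settings.

```shell
#!/bin/sh
# Added example: audit a staged /etc for things that write to a read-only root.
# Usage (hypothetical staging path): audit_ro_root /stage/etc

# root_is_ro FSTAB -> status 0 if the "/" entry lists "ro" in its mount options
root_is_ro() {
    awk '$1 !~ /^#/ && $2 == "/" {
             n = split($4, o, ",")
             for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1
         }
         END { exit (found ? 0 : 1) }' "$1"
}

# rc_value RCCONF VAR -> prints the first word of the last value assigned to VAR
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_ro_root ETCDIR -> one WARN line per finding; exit status = finding count
audit_ro_root() {
    etc=$1; problems=0
    flag() { echo "WARN: $1"; problems=$((problems + 1)); }

    root_is_ro "$etc/fstab" || flag "/ is not mounted ro in fstab"

    # /etc/motd is rewritten at boot unless rc.conf turns that off
    case "$(rc_value "$etc/rc.conf" update_motd | tr '[:lower:]' '[:upper:]')" in
        NO) ;;
        *)  flag "update_motd is not NO; boot will try to write /etc/motd" ;;
    esac

    # A DHCP-configured interface means dhclient will want /etc/resolv.conf
    if grep -Eiq '^[[:space:]]*ifconfig_[A-Za-z0-9_]+=.*DHCP' "$etc/rc.conf"; then
        flag "DHCP interface configured; dhclient updates /etc/resolv.conf"
    fi

    # Active (non-comment) fbtab entries ask login to update /dev nodes
    if [ -f "$etc/fbtab" ] && grep -Eq '^[[:space:]]*[^#[:space:]]' "$etc/fbtab"; then
        flag "fbtab has active entries; /dev updates at login will not apply"
    fi
    return "$problems"
}
```
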





More information about the Ukfreebsd mailing list