read-only root partition?
Clark C. Evans
cce at clarkevans.com
Wed Feb 27 22:55:41 GMT 2002
Thank you. Any suggestions as to how to do this would
be great. Here is an idea that I've had.

There are three considerations that I have:

- vinum (software RAID) cannot protect your boot partition
  since it is a kernel module and hence can't protect loading
  the os kernel (chicken and egg problem).
- I'm building a web farm and just about everything
  is static, no new users, etc. It'd be nice to
  frustrate any crackers by making the root partition
  read-only.
- I was thinking that it would be very neat to have
  the OS plus /usr and the server software be on a
  CD-ROM. So, to upgrade a server box I just simply
  switch CD-ROMS.

It sounds like the predictable outstanding issues are
(thanks to Paul and Jeff)...

- /etc/motd gets updated at boot time, but you can turn
  that off in rc.conf
- if you are using /etc/fbtab then /dev/console won't update,
  there may be other /dev issues (tty files)
- if you are using DHCP then dhclient will want to update
  /etc/resolv.conf

Sounds like there is some playing. Also, it seems that
to transfer the boot to CD-ROM, I'll have to get everything
working on /da0s1a before I cut the CD-ROM. Thus, entries
pointing to /da0s1a need to point to the partition on the
CD-ROM. In general, how do you make bootable CD-ROMs?

Thank you so much for your feedback! Any other ideas
would be cool!
;) Clark
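
Added example, not part of the original message: a small sh check that flags the read-only-root issues listed above (writable / in fstab, motd rewritten at boot, DHCP, active fbtab entries) in a FreeBSD-style /etc directory. It assumes update_motd is the rc.conf knob for the motd update; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag the read-only-root
# problems listed above in a FreeBSD-style /etc directory.

# check_ro_root ETC_DIR -> prints one finding per line, nothing if clean.
check_ro_root() {
    etc=$1

    # fstab fields: device mountpoint fstype options dump pass
    awk '$1 !~ /^#/ && $2 == "/" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
         }
         END { exit !ro }' "$etc/fstab" 2>/dev/null ||
        echo "fstab: / is not mounted read-only"

    # The last assignment wins, as it does when sh sources rc.conf.
    # update_motd is assumed to be the knob that controls the motd rewrite.
    awk -F= '$1 == "update_motd" { v = $2 }
             END { gsub(/"/, "", v); exit !(toupper(v) == "NO") }' \
        "$etc/rc.conf" 2>/dev/null ||
        echo "rc.conf: update_motd is not NO, /etc/motd is rewritten at boot"

    if grep -Eiq '^ifconfig_[a-z0-9_]+=.*DHCP' "$etc/rc.conf" 2>/dev/null; then
        echo "rc.conf: DHCP in use, dhclient will want to update /etc/resolv.conf"
    fi

    # Any active (non-comment) fbtab line means /dev entries get changed at login.
    if grep -Eq '^[[:space:]]*[^#[:space:]]' "$etc/fbtab" 2>/dev/null; then
        echo "fbtab: active entries, /dev/console will not update"
    fi
    return 0
}

# Constructed sample input: an /etc that still assumes a writable root.
write_sample() {
    mkdir -p "$1"
    printf '%s\n' '/dev/da0s1a / ufs rw 1 1' > "$1/fstab"
    printf '%s\n' 'ifconfig_fxp0="DHCP"' 'update_motd="YES"' > "$1/rc.conf"
    printf '%s\n' '/dev/ttyv0 0600 /dev/console' > "$1/fbtab"
}

sample=$(mktemp -d)
write_sample "$sample/etc"
check_ro_root "$sample/etc"
rm -rf "$sample"
```

Run it against a copy of the real /etc before cutting the CD-ROM; an empty result means none of the four listed issues was found.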