FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-12-2008, 03:18 AM
Daniel Dickinson
 
Default Read-only root (/) except /etc

Is it possible to have /etc on a separate partition from / (root) so
that root can be read-only while /etc is read-write?

Regards,

Daniel

--
And that's my crabbing done for the day. Got it out of the way early,
now I have the rest of the afternoon to sniff fragrant tea-roses or
strangle cute bunnies or something. -- Michael Devore
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org
No more sea shells: Daniel's Weblog http://cshore.wordpress.com
 
Old 04-12-2008, 04:14 AM
NN_il_Confusionario
 
Default Read-only root (/) except /etc

On Fri, Apr 11, 2008 at 11:18:08PM -0400, Daniel Dickinson wrote:
> Is it possible to have /etc on a separate partition from / (root) so
> that root can be read-only while /etc is read-write?

You are requesting something like this

in the boot loader, use the kernel option
init=/pre-init.sh
where /pre-init.sh is executable by root and contains something like this:

#!/bin/sh
/bin/mount -n -t ext3 -o noatime /dev/hda2 /etc
## /etc/mtab and /proc/mounts to be checked later!
exec /sbin/init
## one might need "$@" or something at the end of the line to pass
## default runlevel and boot loader parameters ?

But you should consider the more advanced methods used by live cd
(knoppix and many others)

--
Chi usa software non libero avvelena anche te. Digli di smettere.
Informatica=arsenico: minime dosi in rari casi patologici, altrimenti letale.
Informatica=bomba: intelligente solo per gli stupidi che ci credono.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-12-2008, 11:40 PM
"Kim N. Lesmer"
 
Default Read-only root (/) except /etc

On Fri, 11 Apr 2008 23:18:08 -0400
Daniel Dickinson <cshore@wightman.ca> wrote:

> Is it possible to have /etc on a separate partition from / (root) so
> that root can be read-only while /etc is read-write?

No. You have a lot of other stuff to think about such as /var/log
and /tmp.

Perhaps you should look into making a livecd/dvd that suits you needs?

> Regards,
>
> Daniel
>
> --
> And that's my crabbing done for the day. Got it out of the way
> early, now I have the rest of the afternoon to sniff fragrant
> tea-roses or strangle cute bunnies or something. -- Michael Devore
> GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org
> No more sea shells: Daniel's Weblog http://cshore.wordpress.com
>


--
Med venlig hilsen/Best regards

Kim N. Lesmer
Programmer/Systems administrator

Web : www.bitflop.com
E-mail : knl@bitflop.com


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 01:40 AM
 
Default Read-only root (/) except /etc

On Sun, Apr 13, 2008 at 01:40:46AM +0200, Kim N. Lesmer wrote:
> On Fri, 11 Apr 2008 23:18:08 -0400
> Daniel Dickinson <cshore@wightman.ca> wrote:
>
> > Is it possible to have /etc on a separate partition from / (root) so
> > that root can be read-only while /etc is read-write?
>
> No. You have a lot of other stuff to think about such as /var/log
> and /tmp.
>
> Perhaps you should look into making a livecd/dvd that suits you needs?
>
> > Regards,
> >
> > Daniel

The need to have the root filesystem mounted r/w annoys me too. My
ideal scenario is to be able to have everything read-only except /home
(for user file modification) and /var (for all files the system wants
to modify). It's great for security (esp if you have hardware write protect
on your hard drives) and simplifying backups (no need to look at the
read-only ones).

The hard part is that the root filesystem is supposed to have everything
necessary for running the system, particularly during the early boot
process... (for example. /etc/fstab is needed identify the other filesystems
that need to be mounted, so its no good having that on another filesystem).

On my current system I boot with everything read-only except root, var
and home. Ie /usr, /usr/local are all read-only. I have /tmp as a sym
link to /var/tmp so that the root filesystem rarely gets written to.
(There is a /var/tmp on my root filesystem so that /tmp is usable even
before the var filesystem gets mounted on top of it).

All that really remains to allow me to keep the root filesystem read-only
is to identify all the files in /etc that are user modifiable (such as
/etc/passwd and /etc/shadow) and come up with a way to move them - such
as with a symlink to /var/etc...

The remaining files are only modified by the super user, who can be
expected to do a mount -o remount as required..

Regards,
DigbyT


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 10:52 AM
Tzafrir Cohen
 
Default Read-only root (/) except /etc

On Sun, Apr 13, 2008 at 01:40:01AM +0000, digbyt@skaro.afraid.org wrote:

> The need to have the root filesystem mounted r/w annoys me too. My
> ideal scenario is to be able to have everything read-only except /home
> (for user file modification) and /var (for all files the system wants
> to modify). It's great for security (esp if you have hardware write protect
> on your hard drives) and simplifying backups (no need to look at the
> read-only ones).

Why exactly do you need things read-only?

Try the package flashybrid for a different approach to a similar
problem.

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 03:12 PM
 
Default Read-only root (/) except /etc

On Sun, Apr 13, 2008 at 10:52:22AM +0000, Tzafrir Cohen wrote:
> On Sun, Apr 13, 2008 at 01:40:01AM +0000, digbyt@skaro.afraid.org wrote:
>
> > The need to have the root filesystem mounted r/w annoys me too. My
> > ideal scenario is to be able to have everything read-only except /home
> > (for user file modification) and /var (for all files the system wants
> > to modify). It's great for security (esp if you have hardware write protect
> > on your hard drives) and simplifying backups (no need to look at the
> > read-only ones).
>
> Why exactly do you need things read-only?
>
> Try the package flashybrid for a different approach to a similar
> problem.
>

I don't *need* things read-only. I would just rather not *need* to
have my root filesystem read write.

I gave some reasons above for why I would like to be able to crontrol
if and when the root filesystem is subject to writes..

Running a flash based system is certainly one application that would be
made easier by this.

flashybrid looks interesting for embedded applications. But I would
really like to be able to flick on the hardware write protect switch on
my root filesystem on a regular server and know that nothing will break.

Regards,
DigbyT


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 04:04 PM
"Douglas A. Tutty"
 
Default Read-only root (/) except /etc

On Sun, Apr 13, 2008 at 03:12:08PM +0000, lists2008@skaro.afraid.org wrote:

> I don't *need* things read-only. I would just rather not *need* to
> have my root filesystem read write.
>
> I gave some reasons above for why I would like to be able to crontrol
> if and when the root filesystem is subject to writes..

However, consider: as things stand now, only root can alter files which
don't have write permissions for others. Sure, if the filesystem were
mounted ro then root couldn't write to the files either (or delete
files). However, root could always remount / rw. Therefore there is no
security in a system once root is compromised whatever you do. If root
is not compromised, then standard unix permission scheme will provide
the security.

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 05:32 PM
"Digby Tarvin"
 
Default Read-only root (/) except /etc

n Sun, Apr 13, 2008 at 12:04:31PM -0400, Douglas A. Tutty wrote:
> On Sun, Apr 13, 2008 at 03:12:08PM +0000, lists2008@skaro.afraid.org wrote:
>
> > I don't *need* things read-only. I would just rather not *need* to
> > have my root filesystem read write.
> >
> > I gave some reasons above for why I would like to be able to crontrol
> > if and when the root filesystem is subject to writes..
>
> However, consider: as things stand now, only root can alter files which
> don't have write permissions for others. Sure, if the filesystem were
> mounted ro then root couldn't write to the files either (or delete
> files). However, root could always remount / rw. Therefore there is no
> security in a system once root is compromised whatever you do. If root
> is not compromised, then standard unix permission scheme will provide
> the security.
>
> Doug.

The trouble is that isn't really true. As long as you have standard
utilities like 'passwd' and 'chsh' normal users can cause the root
filesystem to be modified any time they want..

And in the examples I gave (running root off a DVD or drive with
hardware write protect), a remount rw will only succeed in getting
write failures logged....

But it isn't just security. It is another file system needing regular
backup, and fewer writes means less likelihood of corruption eg if power
goes off at the wrong instant..

The files that are a problem are the ones where either a change can
result from user activity (passwrd/shadow) or where they are changed
by demons, such as resolv.conf. I don't mind explicit changes by the
administrator, who can take care or write-protects or reburning media.

Regards,
DigbyT


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 08:09 PM
Tzafrir Cohen
 
Default Read-only root (/) except /etc

On Sun, Apr 13, 2008 at 05:32:22PM +0000, Digby Tarvin wrote:
> n Sun, Apr 13, 2008 at 12:04:31PM -0400, Douglas A. Tutty wrote:
> > On Sun, Apr 13, 2008 at 03:12:08PM +0000, lists2008@skaro.afraid.org wrote:
> >
> > > I don't *need* things read-only. I would just rather not *need* to
> > > have my root filesystem read write.
> > >
> > > I gave some reasons above for why I would like to be able to crontrol
> > > if and when the root filesystem is subject to writes..
> >
> > However, consider: as things stand now, only root can alter files which
> > don't have write permissions for others. Sure, if the filesystem were
> > mounted ro then root couldn't write to the files either (or delete
> > files). However, root could always remount / rw. Therefore there is no
> > security in a system once root is compromised whatever you do. If root
> > is not compromised, then standard unix permission scheme will provide
> > the security.
> >
> > Doug.
>
> The trouble is that isn't really true. As long as you have standard
> utilities like 'passwd' and 'chsh' normal users can cause the root
> filesystem to be modified any time they want..
>
> And in the examples I gave (running root off a DVD or drive with
> hardware write protect), a remount rw will only succeed in getting
> write failures logged....
>
> But it isn't just security. It is another file system needing regular
> backup, and fewer writes means less likelihood of corruption eg if power
> goes off at the wrong instant..
>
> The files that are a problem are the ones where either a change can
> result from user activity (passwrd/shadow) or where they are changed
> by demons, such as resolv.conf. I don't mind explicit changes by the
> administrator, who can take care or write-protects or reburning media.

flashybrid does not help you there. But it does give you control as to
when changes are being made permanent. A program can edit files under
/etc/ as it pleases, but the changes will not be actually written to the
disk before you explicitly run fh-sync (this applies to /etc/, /tmp and
most of /var . / is still mounted read-only).

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-13-2008, 11:30 PM
"Douglas A. Tutty"
 
Default Read-only root (/) except /etc

On Sun, Apr 13, 2008 at 05:32:22PM +0000, Digby Tarvin wrote:
> n Sun, Apr 13, 2008 at 12:04:31PM -0400, Douglas A. Tutty wrote:
> > On Sun, Apr 13, 2008 at 03:12:08PM +0000, lists2008@skaro.afraid.org wrote:
> >
> > > I don't *need* things read-only. I would just rather not *need* to
> > > have my root filesystem read write.
> > >
> > > I gave some reasons above for why I would like to be able to crontrol
> > > if and when the root filesystem is subject to writes..
> >
> > However, consider: as things stand now, only root can alter files which
> > don't have write permissions for others. Sure, if the filesystem were
> > mounted ro then root couldn't write to the files either (or delete
> > files). However, root could always remount / rw. Therefore there is no
> > security in a system once root is compromised whatever you do. If root
> > is not compromised, then standard unix permission scheme will provide
> > the security.
>
> The trouble is that isn't really true. As long as you have standard
> utilities like 'passwd' and 'chsh' normal users can cause the root
> filesystem to be modified any time they want..

No. The user isn't modifying anything really, its the suid utility
which is. User's don't have write permission on the /etc/passwd file.
The only security concern is if the suid utility is replaced by another;
in other words, again root is compromised.

> And in the examples I gave (running root off a DVD or drive with
> hardware write protect), a remount rw will only succeed in getting
> write failures logged....

So root turns off logging to. If we're talking about running off a DVD
then this is a LiveCD scenario with union mounting.

> But it isn't just security. It is another file system needing regular
> backup, and fewer writes means less likelihood of corruption eg if power
> goes off at the wrong instant..

Well sure, that makes sense. However, the only part that needs the
backup is /etc/ anyway, which would need backup if it was separate, so
no gain there.

As for e.g. corruption, I'd suggest having a duplicate root filesystem
taken care of by a script (which checks somehow that all is well) which
rsyncs them. This second root fs would be on its own partition with its
own entry in the boot loader. This suggests that /boot is on its own
partition and it is very easy to have /boot ro.

> The files that are a problem are the ones where either a change can
> result from user activity (passwrd/shadow) or where they are changed
> by demons, such as resolv.conf. I don't mind explicit changes by the
> administrator, who can take care or write-protects or reburning media.

I'd suggest to approach it as a live CD thingy, its a well tried path.
Anything else is frought with dragons.


Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 09:19 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org