On Saturday 24 May 2008 12:05:30 Fred Noz wrote: > Responding to a question posted earlier this month, Centos 5.1 > includes configuration files for enabling the read-only root > filesystem. Actually, all filesystems can be mounted read-only with > particular files and directories mounted on a read-write tmpfs (in > RAM). This capability comes directly from the upstream provider. > When your computer comes back up, the root and any other system > partitions will be mounted read-only. All the files and directories > listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem. > You can add additional files and directories to rwtab to make them > writable after reboot. > > Note that this system is stateless. When you reboot again, everything > written to the tmpfs filesystem vanishes and the system will be > exactly as it was the last time it was booted. You could add a > writable filesystem on disk or NFS for writing files you want to > retain after rebooting. This is very interesting. Thanks for the sharing Fred. So, it's somekind of Live CD on a disk? I can't think of a practical benefit of using such system, is it to protect it from unwanted modification? Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial ----- Fajar, There are many practical reasons why one would want to run a Linux system, whether it be desktop or server, with a read-only root. One reason is for ease of maintenance, especially when there are many systems to maintain. You might be administering computers in a classroom, internet access point, or library and you want to be certain that after reboot, the system is exactly as it was the last time it was rebooted, even if the users mess with the system accidentally or on purpose. For example, if a user fills up the /tmp filesystem and causes the system to crash, after booting, the system will have an empty /tmp filesystem. It will not require that fsck to be run because the other filesystems were mounted read-only. This implies no risk of filesystem corruption (except due to physical failures on the disk). Not needing fsck saves time on boot. You could use read-only root on embedded systems where there is no way an administrator could get to the system to fix it. Read-only root is beneficial on a system running on flash media because this avoids having recurring writes wear out some sectors on the media. This is a practical way to run a large group of diskless systems. A single read-only root filesystem can be made available on a network from an NFS server. Many diskless clients can use this readonly-root simultaneously. Of course, this is a way to implement a live CD. In addition to easy maintenance, readonly-root adds a layer of security. The security is broken if someone gains access to the root user, but then many security protections are lost if someone gains root. Even a Database server can benefit from being run on read-only root. The data disk would certainly be mounted read-write, but there is no reason why the operating system and database application software need to be on disks mounted read-write. When an administrator wants to perform an update, upgrade, software, installation. or other system change, the administrator sets the readonly filesystems to read-write using a simple mount command. After the administrator finishes making the changes, a simple mount command (or reboot) sets the readonly filesystems back to read-only. Of course, on systems where the root and system filesystems have no physical write capability, such as on a live CD, they cannot be set to read-write. - Fred --------- Fred Noz Fred@xxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos