Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site umcp-cs.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!seismo!umcp-cs!chris
From: chris@umcp-cs.UUCP (Chris Torek)
Newsgroups: net.unix-wizards
Subject: Re: 4.2 Info request: Read-only file systems
Message-ID: <4215@umcp-cs.UUCP>
Date: Thu, 21-Mar-85 01:18:16 EST
Article-I.D.: umcp-cs.4215
Posted: Thu Mar 21 01:18:16 1985
Date-Received: Sat, 23-Mar-85 02:34:01 EST
References: <2483@nsc.UUCP> <1640@ittvax.UUCP>
Distribution: net
Organization: U of Maryland, Computer Science Dept., College Park, MD
Lines: 44

> From: long@ittvax.UUCP (H. Morrow Long [Systems Center])

> In <2483@nsc.UUCP> chongo writes
> > I would like to mount things like /bin, most of /etc, /usr/{bin,lib, ... },
> > /dev/{mem,kmem,...}, usw...  on a read-only disc pack.
>
> What you need to do is place the (sub)directory to be read-only in its
> own filesystem.  You can then use 'mount /usr/src -r' to mount the
> filesystem readonly or change field 3 from ':rw:' to ':ro:' in
> /etc/fstab and the 'mount -a' will do it for you.

I don't think this answers his particular question.  The problem is
that much of /bin and /etc is required simply to get far enough into
the boot that "mount -a" will even get done.

Consider: even before you get a single user shell after a "b hps" or
"b/2" (e.g.), Unix has to run /etc/init.  Init needs access to
/bin/sh.  Sh is nearly useless without most of /etc and /bin.  During
boots to multi-user mode you need both /etc/rc and /bin/sh.  Without
/dev, /etc/fsck may have a hard time fixing disks.

Anyway, clearly most of the root file system has to be present in order
for Unix to boot.  Since it's mounted read-write by init_main.c, /bin,
/dev, /etc, and anything else out there is clearly going to be
writable.

Is there a solution?  Well, sort of.  It turns out that you can mount
on top of *any* directory.  So you can have a "minimal root" that has
just enough in it to be able to safely "mount -a", and have an fstab
that mounts a true /bin, /etc, etc., which are all read-only.  This
helps protect against fumble-fingered super users, at least.  (I've
been known to trip over the keys myself now and then. :-) )

(By the way, it used to be that you could mount on top of *any* file!
4.2 makes sure it's a directory.  Ah well.)

To answer chongo's original question: could you change the mountfs()
call in main() to make / read-only?  Answer:  yes, but you'd have to
be *real* careful.  It's no fun having to switch Unixes just because
you need to write in / now. . . .  (Don't forget about new /vmunixes!)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 4251)
UUCP:	{seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet:	chris@umcp-cs		ARPA:	chris@maryland