Re: can you make a hard disk read-only?
From: Dale Pontius (dale_at_edgehp.invalid)
Date: 10/10/03
Date: Fri, 10 Oct 2003 03:39:28 GMT
In article <bm29ck$i8u$1@news6.svr.pol.co.uk>,
Andy Baxter <news2@earthsong.null.free-online.co.uk> writes:
> I'm wondering if there's some way of making a hard disk drive read-only
> using a hardware device which would go between the cable and the drive data
> connector, with a switch you could use to make it writeable only under user
> control?
>
<snip>
At a recent MIT flea market, I bought a hot-swap drive cradle. In a
vein similar to you, I plan to have two drives in the machine, one fixed
and one removable. The removable drive will have a true distribution
installation, and the fixed drive will have the read-write partitions
like /var. In addition, the fixed drive will have a minimal
installation on an ISO9660 filesystem, so the system can be booted
and run without the removable drive.

With only the fixed drive, there will be a minimal system just able to
accomplish its mission of home firewall/server. With the removable
drive in place I'll be able to build and install software, as well as
rebuild the ISO9660 filesystem for the fixed drive. It goes without
saying that the fixed minimal installation will lack the 'mkisofs'
command.

Not completely foolproof, but another security layer. It may also be
possible to run md5sums of the iso9660 partition to verify integrity.

The other issue here is the root filesystem. It appears *almost*
feasible to have a read-only root, with /etc/mtab being the biggest
fly in the ointment. (to my knowledge) IIRC the NTP stuff is in a
directory that can be symlinked over to /var, as is DHCP client
and lease stuff. Can anyone share experience on ro-root?

By the way, for flash drives that others have mentioned, make sure to
mount it with 'noatime' so accesses don't chew up the flash life.

Dale Pontius
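
The integrity check suggested in the message above, as an added example that is not part of the original post: a partition is usually larger than the ISO9660 image written to it, so this sketch reads the image length from the Primary Volume Descriptor and hashes only those bytes. It uses SHA-256 where the post mentions md5sums; all function names are hypothetical and the sample image is constructed for the demonstration.

```python
import hashlib
import hmac
import io
import struct

SECTOR = 2048             # ISO9660 logical sector size
PVD_OFFSET = 16 * SECTOR  # the Primary Volume Descriptor sits at sector 16

def iso_image_size(dev):
    """Length in bytes of the ISO9660 volume, as recorded in its PVD."""
    dev.seek(PVD_OFFSET)
    pvd = dev.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO9660 primary volume descriptor found")
    blocks = struct.unpack_from("<I", pvd, 80)[0]       # volume space size
    block_size = struct.unpack_from("<H", pvd, 128)[0]  # logical block size
    return blocks * block_size

def iso_digest(dev, algo="sha256"):
    """Hash only the bytes that belong to the image, not partition slack."""
    remaining = iso_image_size(dev)
    h = hashlib.new(algo)
    dev.seek(0)
    while remaining:
        chunk = dev.read(min(1 << 20, remaining))
        if not chunk:
            raise ValueError("device is shorter than the size in the PVD")
        h.update(chunk)
        remaining -= len(chunk)
    return h.hexdigest()

def verify(dev, baseline_hex, algo="sha256"):
    """True if the image on dev still matches the recorded baseline digest."""
    return hmac.compare_digest(iso_digest(dev, algo), baseline_hex)

def make_sample_image(blocks=20):
    """Constructed test input: an empty volume with just a valid PVD header."""
    img = bytearray(blocks * SECTOR)
    img[PVD_OFFSET:PVD_OFFSET + 7] = b"\x01CD001\x01"
    struct.pack_into("<I", img, PVD_OFFSET + 80, blocks)
    struct.pack_into("<H", img, PVD_OFFSET + 128, SECTOR)
    return bytes(img)

if __name__ == "__main__":
    image = make_sample_image()
    baseline = iso_digest(io.BytesIO(image))   # recorded when the image is built
    partition = image + b"\xff" * 4096         # partition larger than the image
    print("clean:", verify(io.BytesIO(partition), baseline))
    tampered = bytearray(partition); tampered[5000] ^= 1
    print("tampered:", verify(io.BytesIO(bytes(tampered)), baseline))
```

On a real system the `dev` argument would be the partition's block device opened in binary read mode, and the baseline digest is only useful if it is kept somewhere the running minimal system cannot rewrite.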