suggestion for a read-only /opt

[cosmin_ap]

Hi,

I would like to suggest some changes to accommodate booting from a read-only drive with persistent /opt.

- move /opt/.tce_dir to /etc/sysconfig/tce_dir (why is dynamic .tce_dir in persistent /opt anyway?)
- don't chown or chmod or try to copy any files on an already existing /opt and /tce
- opt=hdxy:ro boot option for read-only mounting

These changes would prevent trashing CF cards for instance.

A somewhat safer option that won't trash the CF is to change permissions but only on files that have them wrong. Eg. I made a little script for this:

Code: [Select]

#!/bin/sh

alias find='busybox find'
alias chown='busybox chown'
alias chgrp='busybox chgrp'
alias chmod='busybox chmod'
alias sudo=/usr/bin/sudo

usage() {
    echo "Check permissions and fix them for files that have them wrong, and report the changes."
    echo "$@"
    echo "Usage: $0 [-u|--user user] [-g|--group group] [-d|--dirmode dirmode] [-x|--exemode exemode] [-f|--filemode filemode] [-R|--recurse] [-O|--find-options 'find-options'] [-D|--dry-run] [-] FILE1 ..." >&2
    exit 1
}

unset user group dirmode exemode filemode findopt recurse dry
while [ $# -gt 0 ]; do
    case "$1" in
        -u|--user)     [ "$2" ] || usage "user expected."; user="$2"; shift 2;;
        -g|--group)    [ "$2" ] || usage "group expected."; group="$2"; shift 2;;
        -d|--dirmode)  [ "$2" ] || usage "dirmode expected."; dirmode="$2"; shift 2;;
        -x|--exemode)  [ "$2" ] || usage "exemode expected."; exemode="$2"; shift 2;;
        -f|--filemode) [ "$2" ] || usage "filemode expected."; filemode="$2"; shift 2;;
        -O|--find-options) [ "$2" ] || usage "find-options expected."; findopt="$2"; shift 2;;
        -R|--recurse) recurse=true; shift;;
        -D|--dry-run) dry=true; shift;;
        --help) usage;;
        -) shift; break;;
        -*) usage "Unknown option $1.";;
        *) break;;
    esac
done
[ $# -gt 0 ] || usage "FILE1 ... expected."

unset found
errcode=0
fix() {
    while read file; do
        [ "$found" ] || echo; found=1
        echo -n "    $1 $2 $file"
        [ "$dry" ] || sudo "$1" "$2" "$file"; local ret=$?
        [ $ret -eq 0 ] && echo || { echo " [$ret]"; errcode=$ret; }
    done
}

while [ $# -gt 0 ]; do
    [ "$1" ] && target="$1" || usage
    sudo [ -e "$target" ] || usage "No such file or directory: $1."

    findopt="$findopt -xdev"
    [ "$recurse" ] || findopt="$findopt -maxdepth 0"
    echo -n "Fixing perms for $target..."
    [ "$user" ]     && sudo find "$target" $findopt ! -type l ! -user $user | fix chown $user
    [ "$group" ]    && sudo find "$target" $findopt ! -type l ! -group $group | fix chgrp $group
    [ "$dirmode" ]  && sudo find "$target" $findopt -type d ! -perm $dirmode | fix chmod $dirmode
    [ "$exemode" ]  && sudo find "$target" $findopt -type f -perm +0111 ! -perm $exemode | fix chmod $exemode
    [ "$filemode" ] && sudo find "$target" $findopt -type f ! -perm +0111 ! -perm $filemode | fix chmod $filemode
    echo "OK"
    shift
done

exit $errcode #exit with the exit code of the last command that resulted in error


[roberts]

Note: Persistent opt is not a default. It is a user choice.

However, I had been planning to move some configuration files out of opt directory.
I was thinking of it for v4.0 instead of 3.x. Perhaps I will forge ahead. Let me ponder.

[cosmin_ap]

Great, thanks.

I know persistent opt is not a default so these changes don't mean anything to many users. For me persistent opt makes more sense than backup/restore on shutdown/boot, because 1) shutdown.sh is not called by init per inittab (I think it should be -- I know I can hook it up myself, just saying), 2) my /opt is getting big as I keep all shared resources in it so mounting it makes more sense than backup/restoring it.

[cosmin_ap]

Here's the simplest change that I could think of that would solve it:

@line 364 in tc-config (taken from the latest microcore iso) could be:

[ -d "$MOUNTPOINT"/opt ] || {

   ... do all writing to /opt here ...

}
;;
esac