WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: [SOLVED] How can I mount /dev/sda1 read only?  (Read 10517 times)

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: [SOLVED] How can I mount /dev/sda1 read only?
« Reply #30 on: June 14, 2013, 07:18:03 AM »
I think you are putting too much trust in read-only.
If it is locked down, why do you need read-only.
If it is not locked down, the user can remount it read-write.

If you are worried about someone changing boot options you can boot off sda1 and have your TCE=sda2.
This way the boot partition won't be mounted at all.
It still won't stop a determined user with a shell that can obtain root privileges.

--- edit ---
You can also use chattr to make directories and files immutable.
« Last Edit: June 14, 2013, 07:40:51 AM by gerald_clark »

Offline andyj

  • Hero Member
  • *****
  • Posts: 930
Re: [SOLVED] How can I mount /dev/sda1 read only?
« Reply #31 on: June 14, 2013, 11:45:36 AM »
I'm doing plenty of other things too:


        Option          "DontVTSwitch" "true"
        Option          "DontZap" "true"


tty1::once:/sbin/getty -nl /sbin/autologin 38400 tty1


nohup startx >/dev/null 2>&1 &


$(grep -q nosuders /proc/cmdline) && sudo sed -i -e 's/^tc/#tc/' /etc/sudoers

There is no window manager loaded, and Xprogs.tcz isn't loaded either. Because getty runs once, startx keeps running after the shell exits, the three-finger salute is disabled, VT switching is disabled, X zapping is disabled, and su is disabled getting to a session with privs will be hard. Oh, and there's no keyboard either, just a touchscreen.

Making it read only is just part of locking it down. I like the chattr idea, but this is a FAT32 file system so it's not an option for this project.