Date: Fri, 16 Feb 2001 16:29:29 +0300 From: Vlad Skvortsov <vss@ulstu.ru> To: freebsd-questions@FreeBSD.ORG Subject: Re: read-only / Message-ID: <20010216162929.A18131@ulstu.ru> In-Reply-To: <E14TkoK-0001OL-00@post.mail.nl.demon.net> References: <E14TkoK-0001OL-00@post.mail.nl.demon.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 16, 2001 at 01:20:32PM +0000, Cliff Sarginson wrote: > > What is proper way to set root filesystem readonly on 4.2-R system ? > > The only problem I've encountered is that devices below /dev cannot change > > owners when users log in. > > I do not know what perceived risk you are trying to protect yourself > from but the above problem with /dev should worry you enough not to > do this. That is shell access server. The configuration has to be secure because we have not much time to watch this box. Everything what's possible is set to r/o; r/w partitions are quotas enabled, noexec and nodev flags are on. The only filesystem left "unsecure" is /. > Any programs that need to write in /etc will also break. I do understand it. No programs on production box should ever write to /etc. -- Vlad Skvortsov, vss@ulstu.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010216162929.A18131>