From owner-freebsd-questions  Sat Feb 17  8:11:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from glitnir.cfar.umd.edu (glitnir.cfar.umd.edu [128.8.132.40])
	by hub.freebsd.org (Postfix) with ESMTP id BADBE37B401
	for <freebsd-questions@FreeBSD.ORG>; Sat, 17 Feb 2001 08:11:16 -0800 (PST)
Received: from glitnir.cfar.umd.edu (localhost [127.0.0.1])
	by glitnir.cfar.umd.edu (8.9.3/8.9.1) with ESMTP id LAA04004;
	Sat, 17 Feb 2001 11:09:31 -0500 (EST)
Message-Id: <200102171609.LAA04004@glitnir.cfar.umd.edu>
To: Cliff Sarginson <cliff@raggedclown.net>
Cc: Vlad Skvortsov <vss@ulstu.ru>, freebsd-questions@FreeBSD.ORG
Subject: Re: read-only / 
In-reply-to: Your message of "Fri, 16 Feb 2001 14:09:25 GMT."
             <E14TlZd-0008MR-00@post.mail.nl.demon.net> 
Date: Sat, 17 Feb 2001 11:09:31 -0500
From: Andrew Arensburger <arensb@cfar.umd.edu>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Fri, 16 Feb 2001 14:09:25 GMT, Cliff Sarginson wrote:
> > 	That is shell access server. The configuration has to be secure because
> > we have not much time to watch this box. Everything what's possible is set
> > to r/o; r/w partitions are quotas enabled, noexec and nodev flags are on.
> > The only filesystem left "unsecure" is /.
> 
> Since I have never tried it I must say I am slightly suprised
> you can even logon at all if the /dev permissions cannot be
> changed.

	Alternately, would it be possible to put /dev on a separate
read-write partition? Things might get a bit interesting at boot time,
but this would allow you to have a read-write /dev on a read-only /.

-- 
Andrew Arensburger, Systems guy		Center for Automation Research
arensb@cfar.umd.edu			University of Maryland
		       Alex Haley was adopted!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message