by John McKow » Sat, 26 Sep 1998 04:00:00
mount /dev/hda5 /webspace -oro
The directory /webspace and all files in that directory along with all
sub-directorys and files would be read-only. Not even root could write to
one of them without remounting the drive as rw.
by John McKow » Sat, 26 Sep 1998 04:00:00
mount /dev/hda5 /webspace -oro
The directory /webspace and all files in that directory along with all
sub-directorys and files would be read-only. Not even root could write to
one of them without remounting the drive as rw.
by John McKow » Sat, 26 Sep 1998 04:00:00
Another thought, if this is a separate machine, why not just get rid of root
and mount the HD read-only? If nobody has authority to issue mount command
and the /etc/fstab says to mount read-only, how could they add/delete/modify
any files on that partition?
If this is a shared machine, can you reboot it when on the Internet? If so,
create a kernel image which has a different "/" partition from the "real"
one. That "/" would be stand-alone (no access to any other partitions
defined in its /etc/fstab). Remove root from that partition's security (or
remove the mount command entirely). Again, make this the default boot kernel
for LILO. If the partition is read-only and there is no mount command
available, then I simply don't see any way for an intruder to
add/delete/modify a file. Without mount, the partition cannot be made
writable. If the partition cannot be made writeable, nobody can
add/delete/modify any files or directories. Of course, your alternate kernel
would boot with a different partition as "/" which would have root in the
security file. Perhaps having your Web's "/" mounted at a different mount
point. A real waste of disk space, but that's all I can think of.
1. modding IDE cable to write-protect compact flash?
hi all:
I am involved in a mini-project that is to build a solid state computer
(mini-ITX based) that will feature read-only medium. we have chosen
compact flash for its relatively cheap cost and larger compacity. and due
to the phyiscal limitations of the setup, we cannot use the popular
USB-flash sticks that come with a write-protect switch, we have to stick
with a CompactFlash-to-IDE converter.
it would be really nice if we could somehow protect the data on the
Compact Flash on a physical layer. we have thought about mounting the
Compact Flash read-only, but that doesn't protect the data on the Compact
Flash to be modified if someone gained super-user access to this machine.
i am wondering if it is feasible to short a few pins in the standard IDE
cable, so that the write signal does not get passed onto the Compact Flash
card. has anyone attempted similar solutions? i would really appreciate
any pointers and suggestions.
Thanks in advance.
2. diald/popclient problem, probably VFAQ
3. SCSI Write protect not properly detected
4. Calling all current/former CMS users
5. SCSI Tape drive write protect problem
7. SCSI command to Write Protect/Unprotect a ZIP drive
8. Programming of continuous exchange on TCP/IP
9. Checking tape write-protect status
10. Writing to write-protected floppy
11. Write-protect floppy ignored!
12. How to get write-protect for a 1/4 cartridge tape?
13. Write-Protect a directory with a password