Educational question

Dimitry Naldayev dimitryn at perm.ru
Sat Feb 25 12:45:23 PST 2006


Jason Stevens <jastev at alumni.rice.edu> writes:

> Dimitry Naldayev wrote:

>> You are missing /etc. It must be part of / (root fs) because init
>> needs some information from there
>
> Hm.  I wonder if I could get by with just /etc/rc.d/rcsysinit.d on /
> in order to mount filesystems, one of which would be a "real" /etc in a
> separate partition.
>
> I need most of /etc to be outside of the / filesystem, because it's
> not shareable - but that particular part should be common.
>
Let's consider what we need to put in /etc of the root fs to be able to mount
local file systems, and the full /etc in particular.

The first thing is /etc/inittab, which describes to init what to do.

The next is /etc/fstab, which tells what needs to be mounted and where.

The next are the /etc/rc.d/* init scripts, at least those which run _before_ (and
during) mounting the local file systems. These scripts can depend on other
files in /etc, so we also need to put those on the root fs /etc too.

If we use udev to populate /dev, we need the set of udev rules somewhere in
the /etc of the root fs, because we cannot mount /dev/hda? if there isn't a
corresponding hda? entry in /dev.

Besides the above, we also need a set of files in /etc which allow us to
log in to the system in maintenance mode when the local filesystems are not
mounted for some reason.

If we mount another /etc (from a different partition) on top of the root fs
/etc, we will have two sets of the files described above --- one in the
read-only root fs /etc and another in the read-write mounted /etc, and keeping
these sets in sync is not an easy task.

_The motivations_ The main question is "why do we want to keep the root fs
read-only?". The answer is probably "we want to increase security". A cracker
needs to remount the root fs in read-write mode before he can do bad things with
our computer. If his exploit does not do this, he is out of luck. But if /etc
is mounted in read-write mode, he does not need to remount the root fs to be
able to modify something in /etc.

So there is no reason to put /etc on a different partition.

> I'm doing basically the same thing with root's home dir, putting a
> small /home/root on / (ro), that gets mounted over by another /home
> filesystem on a different partition (mounted rw).
>
The common technique is to put root's home dir in /root, not in
/home/something.

>> and several files in /etc need to be writable ;-/
>> The most famous is /etc/mtab, and there is a workaround for this, but there are a
>> few others depending on what software you have installed
>
> Archaic posted a file recommending replacing /etc/mtab with a link to
> /proc/mounts.
>
Yes, it is a common technique to make the root fs read-only, but there are some
drawbacks. If you compare the original /etc/mtab and /proc/mounts you will
notice some differences...

> I imagine that for other software, if they insisted on having writable
> files in /etc, I could do the same thing:  give them space in /var or
> /srv and link to it from /etc.

There is software which adds entries to /etc/fstab when you hotplug some
hardware in your computer.

Unfortunately major Linux vendors do not consider a read-only root fs as a
primary goal.

---
        Dimitry
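The checks discussed in this thread (which files must sit in the root fs /etc before local filesystems are mounted, whether / is really mounted read-only, and whether /etc/mtab is the /proc/mounts symlink) as a small POSIX sh audit script. This is an added example, not code from the thread or from HLFS; the fstab contents, device names and the directory it audits are constructed for the demonstration, and the list of "required" files is just the set the thread names (inittab, fstab, rc.d/rcsysinit.d), not an exhaustive one.

```shell
#!/bin/sh
# Added example (not from the hlfs-dev thread): audit a candidate read-only
# root filesystem's /etc. Every path and the sample fstab are constructed.

# Print the mount points fstab would mount at boot: not a comment, not swap,
# and not marked "noauto". These are mounted by the early init scripts, so the
# scripts and any files they read must live on the root fs itself.
early_mounts() {
    awk '$0 !~ /^[ \t]*#/ && NF >= 4 && $3 != "swap" &&
         ("," $4 ",") !~ /,noauto,/ { print $2 }' "$1"
}

# Succeed only if the "/" entry in fstab carries the "ro" mount option
# (the option list is wrapped in commas so "errors=remount-ro" does not match).
root_is_ro() {
    awk '$0 !~ /^[ \t]*#/ && $2 == "/" && ("," $4 ",") ~ /,ro,/ { found = 1 }
         END { exit !found }' "$1"
}

# Print the files the thread names as required in the root fs /etc that are
# missing from the given /etc directory; succeed only if none are missing.
missing_min_etc() {
    rc=0
    for f in inittab fstab rc.d/rcsysinit.d; do
        [ -e "$1/$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# Succeed if $1/mtab is a symlink pointing at /proc/mounts (the workaround
# mentioned in the thread for a read-only /etc).
mtab_links_proc() {
    [ -L "$1/mtab" ] && [ "$(readlink "$1/mtab")" = "/proc/mounts" ]
}

# Build a constructed sample /etc under DIR so the checks can run offline.
make_sample_etc() {
    mkdir -p "$1/rc.d/rcsysinit.d"
    cat > "$1/fstab" <<'EOF'
# constructed sample fstab (device names are placeholders)
/dev/hda1  /          ext3     ro,defaults     1 1
/dev/hda2  /etc       ext3     defaults        1 2
/dev/hda3  /var       ext3     defaults        1 2
/dev/hda4  swap       swap     pri=1           0 0
/dev/cdrom /mnt/cdrom iso9660  ro,noauto,user  0 0
EOF
    : > "$1/inittab"
    ln -s /proc/mounts "$1/mtab"
}

# Stand-alone demonstration against a throwaway sample tree.
demo() {
    d=$(mktemp -d)
    make_sample_etc "$d/etc"
    echo "mounted at boot:"
    early_mounts "$d/etc/fstab"
    if root_is_ro "$d/etc/fstab"; then echo "root fs: ro"; else echo "root fs: rw"; fi
    if missing_min_etc "$d/etc"; then echo "minimal /etc: complete"; fi
    if mtab_links_proc "$d/etc"; then echo "mtab -> /proc/mounts"; fi
    rm -rf "$d"
}

demo
```

Run it as-is to see the sample output, or point early_mounts and root_is_ro at a real fstab and missing_min_etc / mtab_links_proc at a real /etc. Note that the mtab check only says the symlink is in place; as the thread points out, the contents of /proc/mounts still differ from a classic /etc/mtab.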
