How-To Make the root filesystem read-only

Introduction

There are several reasons why you might want to make your root file system read-only. I wanted to have a system on a flash disk, and since flash disks are damaged after repeated read-write cycles, a read-only root is a very nice solution. Other reasons why you would want to make your root partition read-only include:

  • If you want maximum security for your server, and want it to boot from a read-only medium (e.g. a CD-ROM)
  • If you want to make your own live-cd
  • To avoid damage to the root partition from power loss or a system crash
  • If you want to mount the same nfsroot on several thin clients

The following procedure is what I did to turn my SuSE 10.1 root file system read-only. It should work on both earlier and later versions, but I haven't tested it yet. There could be better or more elegant solutions; if you think that something is missing, please feel free to edit this howto.

Acknowledgments

Some of the information in this howto was found here.

The /proc Filesystem

One way to determine what is going on inside the UNIX kernel is to use the /proc filesystem, for example to list the disk arrays connected to your server or to query kernel parameters. The /proc filesystem offers an interface to important kernel data structures, exposing the state of a running UNIX kernel through special files. System administrators use the UNIX cat command to list the contents of those special files.

Under Linux, it is also possible to set certain kernel parameters by using the echo command. For example, to change the kernel parameter value used to control the maximum socket receive buffer size, net.core.rmem_default, to 262144, use the following:

# echo 262144 > /proc/sys/net/core/rmem_default

It is important to understand that kernel parameters set in Linux with the echo command (as in the above example) are not persistent: they need to be applied again each time the system boots. Some Linux distributions already have a mechanism for this during boot. On Red Hat, this can be configured in /etc/sysctl.conf (for example: net.core.rmem_default = 262144).
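
Because a value written with echo and a value persisted in /etc/sysctl.conf can silently diverge, it is worth checking one against the other. The following is an added example, not part of the original article: it compares each key in a sysctl.conf-style file with the running value under /proc/sys and reports any drift. The function names and the optional alternate root directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): report entries in a
# sysctl.conf-style file whose persisted value differs from the running
# kernel value under /proc/sys.

# sysctl_path KEY [ROOT]: map net.core.rmem_default to
# ROOT/net/core/rmem_default. Assumption: no key component contains a dot.
sysctl_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# trim_ws: collapse whitespace runs and strip both ends (stdin to stdout).
trim_ws() {
    tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# sysctl_drift CONF [ROOT]: print "KEY persisted=V running=V" for each
# mismatch. Returns 0 when everything matches, 1 when drift was found.
sysctl_drift() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | trim_ws)
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value assignment
            *) continue ;;              # anything else is ignored
        esac
        key=$(printf '%s' "${line%%=*}" | trim_ws)
        want=$(printf '%s' "${line#*=}" | trim_ws)
        file=$(sysctl_path "$key" "$root")
        if [ -r "$file" ]; then
            have=$(trim_ws < "$file")   # multi-value files are tab separated
        else
            have=missing                # key not present on this kernel
        fi
        if [ "$want" != "$have" ]; then
            echo "$key persisted=$want running=$have"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Usage: sh sysctl_drift.sh /etc/sysctl.conf   (audits the live system)
if [ "$#" -gt 0 ]; then sysctl_drift "$@"; fi
```

A non-zero exit status means at least one persisted setting is not what the kernel is currently using, either because it was changed at runtime with echo or because the file was edited without being reloaded.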

This article attempts to list some of the more common files used by system administrators. Although most of these special files are general enough to apply to all flavors of UNIX (Solaris, Linux, HP-UX, etc.), I indicate those that only apply to a particular platform.

Troubleshooting the “device is busy” Error Attempting to umount a Disk

Before attempting to dismount a filesystem, it must be inactive. If “any user” has one of the filesystem’s directories as their current directory or has any file within the filesystem open, you will receive an error message, like the one below, when attempting to unmount the filesystem:

# umount /dev/dsk/c0t2d0s7
umount: /dev/dsk/c0t2d0s7: device is busy

Well, the fuser command to the rescue. The fuser command may be used to determine which files or directories within a filesystem are currently in use and to identify the processes and users that are using them.