John Wendel wrote:
I should probably keep quiet, but I don't really mind looking like a fool.
I'm an "inexperienced sysadmin" for my Linux boxes, and I have destroyed a few by doing stupid things, like running an untested script (that I wrote) as root that deleted all the files in /etc.
A sanity check in the script to create the rescue cd is there because I reported that it wiped out my mirror (mounted rw via nfs).
Since then I mount nfs stuff ro unless I need to write to it:-)
What I'd really like is for system files to be mounted read only. Maybe by having a hardware switch that makes the system disk read only.
How many peecees have two or more disks? How many users would be prepared to "waste" most of a 120 gigglebite disk?
You _can_ mount /usr ro, and clearly from the number of live CDs around you can get a ro / as well.
Booting from a DVD that contained everything except /var, /tmp, and /home would be another alternative. This of course requires that everyone cleans up their code to only update files in /var, instead of writing in /etc.
/etc should be fine. At worst, copy it to a ram disk - then system config changes will be volatile. You can also fetch the "real" contents from another location - some firewall/router packages do this.
I'm sure some smart people have already worked out the details for a system like this. Anyone aware of this kind of work? I'd be interested in seeing it.
Some Firewall packages such as IPCop and devil-linux boot and run from CD. Knoppix (a desktop system based on Debian) also does this.
--
Cheers John