Lock out root writes on mounted directory?
Kenneth
madhse at yahoo.com
Fri Sep 8 11:37:38 MST 2006
I agree access control might do it, but it would be cumbersome. Are you sure
you're getting the ro option set? I know people who specifically keep root,
/usr, etc mounted ro, I don't think root should be able to write to them.
--- Mike Schwartz <mike.l.schwartz at gmail.com> wrote:
> On 9/8/06, Eric Shubes <plug at shubes.net> wrote:
> >
> > I've created a sandbox for building rpms. It was suggested to me that for
> > some directories, such as /bin, /lib, /sbin, I could mount them with
> > ro,bind
> > options instead of coping or hard linking them. What I've discovered,
> > though, is that the ro mount option does not prohibit root from modifying
> > a
> > mounted directory. Is there any way to mount a directory such that root
> > cannot write to it?
> > --
> > -Eric 'shubes'
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
> I could be way off base here,
> but have you looked in to access control lists?
> I think I read somewhere that FC4 or so,
> has an implementation of them
> that is comparable to the "ACL" functionality
> in some other OS's.
> --
> Mike Schwartz
> Glendale AZ
> schwartz at acm.org
> Mike.L.Schwartz at gmail.com
> > ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the PLUG-discuss
mailing list