Lock out root writes on mounted directory?
Eric "Shubes"
plug at shubes.net
Sat Sep 9 21:35:02 MST 2006
Darrin Chandler wrote:
> On Fri, Sep 08, 2006 at 07:51:33AM -0700, Eric Shubes wrote:
>> I've created a sandbox for building rpms. It was suggested to me that for
>> some directories, such as /bin, /lib, /sbin, I could mount them with
>> ro,bind options instead of copying or hard linking them. What I've
>> discovered, though, is that the ro mount option does not prohibit root from
>> modifying a mounted directory. Is there any way to mount a directory such
>> that root cannot write to it?
>
> Verify that it's really mounted ro by typing "mount" and seeing the
> options actually used. If it's really read only and root can write to it
> then it sounds broken to me.
>
Mount says:
/bin on /opt/qtp-sandbox/bin type none (ro,bind)
It allows me to save a file to /opt/qtp-sandbox/bin from root user.
This is CentOS4.3.
--
-Eric 'shubes'
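
One way to carry out the verification discussed above, as an added example that is not part of the original thread: compare the options recorded in /etc/mtab (which mount(8) prints on systems of this era) with the options the kernel reports in /proc/mounts. The function names and the sample lines are assumptions constructed for illustration; only the /opt/qtp-sandbox/bin path and the ro,bind options come from the post.

```shell
#!/bin/sh
# Added example: compare what mount(8) recorded with what the kernel enforces.

# mount_mode FILE MOUNTPOINT
# FILE uses the mtab / /proc/mounts layout: device mountpoint fstype options ...
# Prints "ro", "rw" or "absent". The last matching line wins, because a later
# mount on the same path covers the earlier one.
mount_mode() {
    awk -v mp="$2" '
        $2 == mp {
            mode = "rw"
            n = split($4, opts, ",")
            # Exact match only, so "errors=remount-ro" is not mistaken for "ro".
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
        }
        END { print (mode == "" ? "absent" : mode) }
    ' "$1"
}

# ro_claim_check MTAB KERNEL_MOUNTS MOUNTPOINT
# Prints "mismatch: ..." when MTAB claims ro but the kernel table does not.
ro_claim_check() {
    claimed=$(mount_mode "$1" "$3")
    actual=$(mount_mode "$2" "$3")
    if [ "$claimed" = ro ] && [ "$actual" != ro ]; then
        echo "mismatch: mtab=$claimed kernel=$actual"
    else
        echo "consistent: mtab=$claimed kernel=$actual"
    fi
}

# Constructed sample data (not captured from the poster's machine).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '/dev/hda1 / ext3 rw 0 0' \
        '/bin /opt/qtp-sandbox/bin none ro,bind 0 0' > "$dir/mtab"
    printf '%s\n' '/dev/root / ext3 rw 0 0' \
        '/dev/root /opt/qtp-sandbox/bin ext3 rw 0 0' > "$dir/kernel"
    ro_claim_check "$dir/mtab" "$dir/kernel" /opt/qtp-sandbox/bin
    rm -rf "$dir"
}

demo
```

On a live system the call would be ro_claim_check /etc/mtab /proc/mounts /opt/qtp-sandbox/bin. Where /etc/mtab is a symlink to /proc/self/mounts the two files are the same table, so the comparison is only informative when mtab is a regular file.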