"Write once only but read many" filesystem

Scott Lovenberg scott.lovenberg at gmail.com
Mon Mar 24 04:49:17 UTC 2008


Jörn Engel wrote:
> On Sat, 22 March 2008 23:55:53 +0800, Peter Teoh wrote:
>>>   Or do you want individual files/directories to be immutable - chattr?
>> chattr is not good enough, as root can still modify it.   So if
>> current feature is not there, then some small development may be
>> needed.
>>
>>>  And in either case, what problem do you want to solve with a read-only filesystem?
>> Simple:   I want to record down everything that a user does, or a
>> database does, or any applications running - just record down its
>> state permanently securely into the filesystem, knowing that for sure,
>> there is no way to modify the data, short of recreating the
>> filesystem again.    Sound logical?   Or is there any loophole in this
>> concept?
> 
> The loophole is called root.  In a normal setup, root can do anything,
> including writing directly to the device your filesystem resides in,
> writing to kernel memory, etc.
> 
> It may be rather inconvenient to change a filesystem by writing to the
> block device, but far from impossible.  If you want to make such changes
> impossible, you are facing an uphill battle that I personally don't care
> about.  And if inconvenience is good enough, wouldn't chattr be
> sufficiently inconvenient?
> 
> Jörn
> 

How about mounting an isofs via loopback?  This has the added benefit of 
being ready to be exported to disc.  You can make it with mkisofs on a 
directory structure and mount it to the tree with a normal mount(1).  If 
it asks for fs type on mount, I think it's 'iso9660'.
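
The mkisofs-and-loopback approach from the message above, as an added example that is not part of the original thread. Because root can still write to the image file underneath the mount, it also records a SHA-256 digest and refuses to mount if the image no longer matches. The function names and paths are hypothetical, and it assumes `mkisofs` and `sha256sum` are installed.

```shell
#!/bin/sh
# Added example: seal a directory into an ISO 9660 image, record its digest,
# and loop-mount it read-only only if the image is unchanged.
# All function names and paths here are hypothetical.

# Print the SHA-256 digest of a file (hex only, no filename).
digest_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Store the image digest in a separate file. Keep that file somewhere
# root on this host cannot rewrite (another machine, write-once media).
record_digest() {
    digest_of "$1" > "$2"
}

# Return 0 only if the image still matches the recorded digest.
verify_image() {
    [ "$(digest_of "$1")" = "$(cat "$2" 2>/dev/null)" ]
}

# Build the image from a directory tree (-R keeps POSIX names and modes
# via Rock Ridge), then record its digest.
seal_dir() {
    mkisofs -quiet -R -o "$2" "$1" || return 1
    record_digest "$2" "$3"
}

# Mount read-only via loopback (needs root). The digest check detects a
# modified image; it does not prevent the modification.
mount_sealed() {
    verify_image "$1" "$2" || {
        echo "digest mismatch, not mounting: $1" >&2
        return 1
    }
    mount -t iso9660 -o loop,ro "$1" "$3"
}

# Typical use (as root):
#   seal_dir /var/audit/2008-03 /srv/sealed/2008-03.iso /srv/sealed/2008-03.sha256
#   mount_sealed /srv/sealed/2008-03.iso /srv/sealed/2008-03.sha256 /mnt/audit
```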



