"Write once only but read many" filesystem
Scott Lovenberg
scott.lovenberg at gmail.com
Mon Mar 24 04:49:17 UTC 2008
Jörn Engel wrote:
> On Sat, 22 March 2008 23:55:53 +0800, Peter Teoh wrote:
>>> Or do you want individual files/directories to be immutable - chattr?
>> chattr is not good enough, as root can still modify it. So if
>> current feature is not there, then some small development may be
>> needed.
>>
>>> And in either case, what problem do you want to solve with a read-only filesystem?
>> Simple: I want to record down everything that a user does, or a
>> database does, or any applications running - just record down its
>> state permanently securely into the filesystem, knowing that for sure,
>> there is no way to modify the data, short of recreating the
>> filesystem again. Sound logical? Or is there any loophole in this
>> concept?
>
> The loophole is called root. In a normal setup, root can do anything,
> including writing directly to the device your filesystem resides in,
> writing to kernel memory, etc.
>
> It may be rather inconvenient to change a filesystem by writing to the
> block device, but far from impossible. If you want to make such changes
> impossible, you are facing an uphill battle that I personally don't care
> about. And if inconvenience is good enough, wouldn't chattr be
> sufficiently inconvenient?
>
> Jörn
>
How about mounting an isofs via loopback? This has the added benefit of
being ready to be exported to disc. You can make it with mkisofs on a
directory structure and mount it to the tree with a normal mount(1). If
it asks for fs type on mount, I think it's 'iso9660'.