Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 34. Setting read-only permissions for the root file system

Sometimes, you need to mount the root file system (/) with read-only permissions. Example use cases include enhancing security or ensuring data integrity after an unexpected system power-off.

34.1. Files and directories that always retain write permissions
Copia collegamento

For the system to function properly, some files and directories need to retain write permissions. When the root file system is mounted in read-only mode, these files are mounted in RAM using the tmpfs temporary file system.

The default set of such files and directories is read from the /etc/rwtab file. Note that the readonly-root package is required to have this file present in your system. 

dirs	/var/cache/man
dirs	/var/gdm
<content truncated>

empty	/tmp
empty	/var/cache/foomatic
<content truncated>

files	/etc/adjtime
files	/etc/ntp.conf
<content truncated>
Copy to Clipboard Toggle word wrap

Entries in the /etc/rwtab file follow this format: 

copy-method    path
Copy to Clipboard Toggle word wrap

In this syntax:

  • Replace copy-method with one of the keywords specifying how the file or directory is copied to tmpfs.
  • Replace path with the path to the file or directory.

The /etc/rwtab file recognizes the following ways in which a file or directory can be copied to tmpfs:

empty

An empty path is copied to tmpfs. For example: 

empty /tmp
Copy to Clipboard Toggle word wrap
dirs

A directory tree is copied to tmpfs, empty. For example: 

dirs /var/run
Copy to Clipboard Toggle word wrap
files

A file or a directory tree is copied to tmpfs intact. For example: 

files /etc/resolv.conf
Copy to Clipboard Toggle word wrap

The same format applies when adding custom paths to /etc/rwtab.d/.

With this procedure, the root file system is mounted read-only on all following boots.

Procedure

  1. In the /etc/sysconfig/readonly-root file, set the READONLY option to yes to mount the file systems as read-only: 

    READONLY=yes
    Copy to Clipboard Toggle word wrap

  2. Add the ro option in the root entry (/) in the /etc/fstab file: 

    /dev/mapper/luks-c376919e...  /  xfs  x-systemd.device-timeout=0,ro  1  1
    Copy to Clipboard Toggle word wrap

  3. Enable the ro kernel option: 

    # grubby --update-kernel=ALL --args="ro"
    Copy to Clipboard Toggle word wrap

  4. Ensure that the rw kernel option is disabled: 

    # grubby --update-kernel=ALL --remove-args="rw"
    Copy to Clipboard Toggle word wrap

  5. If you need to add files and directories to be mounted with write permissions in the tmpfs file system, create a text file in the /etc/rwtab.d/ directory and put the configuration there.

    For example, to mount the /etc/example/file file with write permissions, add this line to the /etc/rwtab.d/example file: 

    files /etc/example/file
    Copy to Clipboard Toggle word wrap
    Important

    Changes made to files and directories in tmpfs do not persist across boots.

  6. Reboot the system to apply the changes.

Troubleshooting

  • If you mount the root file system with read-only permissions by mistake, you can remount it with read-and-write permissions again using the following command: 

    # mount -o remount,rw /
    Copy to Clipboard Toggle word wrap
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat