On Sun, Oct 4, 2009 at 3:10 AM, Anthony Roberts <openbsd-mi...@arbitraryconstant.com> wrote:
> What I tend to do for those is just make the filesystems for that machine
> read-only.
>
> This is inconvenient to set up/use for several reasons, but it helps make
> machines indifferent to surprise reboots. It's handy if the site has
> unreliable power (eg solar/battery out in the bush somewhere) or even
> simply because people don't realize random Soekris boxes in wiring cabinets
> might need to be shut down cleanly.
>
> -Anthony
>
> On Sat, 3 Oct 2009 11:14:16 -0300, "Jose Fragoso"
> <inet_use...@samerica.com>
> wrote:
>> Hi,
>>
>>> If that was a wise thing to do, we would have already done so. In other
>>> words, it is not wise. It's foolish.
>>>
>>> -Otto
>>
>> I totally agree with you. This should not be in the release.
>>
>> However, I have a few obsd boxes working at places that I cannot
>> reach with ease. What I want to avoid is telling a client
>> (who does not know anything about unix or Xbsd), by phone, to
>> run 'fsck -y', when the system does not boot, as a last resort,
>> before I have to go there myself. Sometimes, not even a console
>> is available.
>>
>> Thanks for your insight.
>>
>> Regards,
>>
>> Jose
>
I agree with Anthony here - make root read-only, mfs /dev, and mount everything else as nosuid,nodev. If you think you're going to need to add things to it at some point in the future, keep fstab the same, create a directory, add changes to that, then run a script from /etc/rc.securelevel to merge the changes and remount root as read-only. It is good to have a throwaway server to test these things on before applying them to a production box.

A script to do the above would look something like this in my head (assuming your staging directory is /usr/tmp/staging):

  cat >/usr/local/sbin/merge-staging <<'EOF'
  #!/bin/sh
  # copy pending changes onto root (preserving modes and owners),
  # clear the staging area, then put root back to read-only
  cp -Rp /usr/tmp/staging/* /
  rm -Rf /usr/tmp/staging/*
  mount -u -r /
  exit 0
  EOF
  chmod 700 /usr/local/sbin/merge-staging

I'd use something like this to install binpatches and update packages. As I said before - test, then test again. And in all situations, YMMV.

This could easily be adapted to do updates on shutdown - just drop 'mount -u -r /' and add 'mount -u -o rw /' before the first copy operation, and put it in /etc/rc.shutdown. This has dangers if the system gets shut down as a result of a power outage and the UPS tells the server to shut down - if there are pending updates and they take too long to copy over and the batteries run out before it finishes, you've got an inconsistent system. You'd have to extend the script to check whether the system is being shut down by the UPS.

Please let me know if this is way off track, or even if it's brilliant, or somewhere in between.

-- 
Aaron Mason - Programmer, open source addict
Oh, why does everything I whip leave me?
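The following is an added example for this thread, not Aaron's posted merge-staging script. It fleshes out the same idea (staging directory merged onto a read-only root from /etc/rc.securelevel or /etc/rc.shutdown) with the two checks the discussion calls for: the copy is verified file by file before the staging copy is discarded, so a copy interrupted by a power loss leaves staging intact for the next boot rather than a half-applied update, and the shutdown path refuses to merge when the UPS monitor started the shutdown. The staging path, the UPS flag-file path and the boot/shutdown argument convention are assumptions, not something the thread specifies; adjust them to whatever your UPS software actually writes.

```shell
#!/bin/sh
# Added example for this thread (not Aaron's posted merge-staging script).
# Merges a staging tree onto a read-only root, verifies the copy before
# discarding the staging copy, and refuses to run during a UPS-initiated
# shutdown. Assumptions not taken from the thread: the staging path, the
# UPS flag-file path, and the boot/shutdown argument convention.

STAGING=${STAGING:-/usr/tmp/staging}   # assumption: where pending changes wait
UPS_FLAG=${UPS_FLAG:-/etc/powerfail}   # assumption: file your UPS monitor
                                       # creates when it starts a shutdown

# staging_has_files DIR -> 0 if DIR exists and has at least one entry
staging_has_files() {
    [ -d "$1" ] || return 1
    [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# merge_tree SRC DST: copy SRC onto DST keeping modes/owners/times, then
# byte-compare every regular file before the staging copy is removed.
# On any mismatch it returns 1 and leaves staging untouched so the next
# boot retries, instead of silently leaving a half-applied update.
merge_tree() {
    src=$1; dst=$2
    staging_has_files "$src" || return 0          # nothing pending: no-op
    cp -Rp "$src"/. "$dst"/ || return 1
    ( cd "$src" && find . -type f ) | while read -r f; do
        cmp -s "$src/$f" "$dst/$f" || exit 1      # exits the while subshell
    done || return 1
    rm -rf "$src"/* "$src"/.[!.]* 2>/dev/null
    return 0
}

# remount_merge: remount root rw, merge, flush, and return root to ro
# whatever merge_tree returned. 'mount -u -w' / 'mount -u -r' are the
# OpenBSD mount(8) update flags; root is already rw when rc.securelevel
# runs, the explicit -w only makes the script safe to run by hand.
remount_merge() {
    mount -u -w / || return 1
    rc=0
    merge_tree "$STAGING" / || rc=$?
    sync
    mount -u -r /
    return $rc
}

# shutdown_merge: for /etc/rc.shutdown. If the UPS monitor started this
# shutdown we are on battery and a long copy may not finish; skip it and
# let the next boot apply the update from rc.securelevel instead.
shutdown_merge() {
    if [ -e "$UPS_FLAG" ]; then
        echo "merge-staging: UPS shutdown in progress, not merging" >&2
        return 2
    fi
    remount_merge
}

case "${1:-}" in
    boot)     remount_merge ;;    # /etc/rc.securelevel: merge-staging boot
    shutdown) shutdown_merge ;;   # /etc/rc.shutdown:    merge-staging shutdown
esac
```

Call it as `merge-staging boot` from /etc/rc.securelevel and `merge-staging shutdown` from /etc/rc.shutdown. The verify-then-delete ordering is the important part: if the box loses power mid-copy, the worst case is that both the partial copy on root and the full staging tree survive, and the next boot repeats the merge from scratch.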