I am going to install Linux and am considering putting /usr into its own partition. During normal boot I would use the option ro in the /etc/fstab file. This will make the entire /usr partition read-only. This is being done because the /usr partition has the binaries of all the programs, applications and services. Apart from a few applications, most packages are installed inside /usr by the Debian package manager.
If this is done then during installation / re-installation / updates / removal / purge I will have to remount the /usr file system as rw. I am ready to live with that.
It is expected that this will harden the system against any possible attacks, maleficent activity or casual mistakes.
I cannot mount the /usr as noexec since there are executables which will be executed.
However, apart from this, is there any other implication of mounting /usr as ro? Will the system work normally if it is done so? Are there other things that I have to watch out for, apart from package management, if the /usr partition is mounted as read-only?
Statistics: Posted by DebianFox — 2024-06-03 07:29
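A check for the setup described in the post, as an added example that is not part of the original post: it reads a mount table in /proc/self/mounts format and reports whether /usr is really mounted read-only, comparing options exactly so that ext4's `errors=remount-ro` is not mistaken for `ro`. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# usr_mount_state FILE [MOUNTPOINT]
#   FILE is in /proc/self/mounts format: device mountpoint fstype options dump pass
#   Prints "ro", "rw", or "not-separate" (the path is not its own mount).
usr_mount_state() {
    awk -v mp="${2:-/usr}" '
        $2 == mp { opts = $4; found = 1 }      # last entry wins (stacked mounts)
        END {
            if (!found) { print "not-separate"; exit }
            n = split(opts, o, ",")
            state = "rw"
            # Exact match only: "errors=remount-ro" must not count as "ro".
            for (i = 1; i <= n; i++) if (o[i] == "ro") state = "ro"
            print state
        }' "$1"
}

# has_mount_option FILE MOUNTPOINT OPTION
#   Exit status 0 if OPTION (e.g. nodev, noexec) is set on MOUNTPOINT.
has_mount_option() {
    awk -v mp="$2" -v want="$3" '
        $2 == mp { opts = $4 }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == want) exit 0
            exit 1
        }' "$1"
}

# write_sample_mounts FILE
#   Writes a constructed mount table: / is rw with errors=remount-ro,
#   /usr is a separate read-only partition without noexec.
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /usr ext4 ro,nodev,relatime 0 0
/dev/sda3 /var ext4 rw,nosuid,nodev,relatime 0 0
EOF
}
```

On a running system, `usr_mount_state /proc/self/mounts` shows the effective state, which is what matters after a package operation that remounted /usr as rw and may not have switched it back.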