A read-only access user account.
Note: As the filesystem is read-only, some commands won't work, such as vi, which requires write access to /var/tmp to create a temporary file.
To set up read-only access, a "new root" directory such as "/var/read-only" is created. Under this directory, "/" is mounted read-only.
Here is a diagram of the directory structure.
| | | |
var usr adm <etc>
/ (Note: this link is a read-only mount of /)
| | | |
var usr adm <etc> (Note: these directories are picked up even if they are separate mounted filesystems.)
(Note: no, it doesn't get cyclic at this point)
When a user logs in, the password file entry runs readonlyshell, which has suid privileges, instead of a shell such as /sbin/sh. It changes the user's root directory to "/var/read-only", sets a couple of shell variables and changes directory to "/", which is now "/var/read-only". Lastly, it runs a bash shell.
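A sketch of the login sequence described above, as an added example (not readonlyshell's own source). The bash path, the three environment variables, the ownership check on the new root and the privilege drop before exec are assumptions; the page names only the chroot, the variables, the chdir and the bash exec.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL "/var/read-only"   /* read-only mount of "/" named on the page */
#define BASH "/bin/bash"        /* assumed path of bash inside the new root */

/* The new root must be a root-owned directory that group/other cannot write. */
int jail_stat_ok(const struct stat *st) {
    return S_ISDIR(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Build a fixed environment so nothing inherited from the caller
 * (LD_PRELOAD, IFS, PATH, ...) reaches the shell. Returns the entry count. */
int build_env(char *env[], size_t cap) {
    static char *fixed[] = { "PATH=/usr/bin:/bin", "HOME=/", "SHELL=" BASH };
    size_t n = sizeof fixed / sizeof fixed[0];
    if (cap < n + 1) return -1;
    for (size_t i = 0; i < n; i++) env[i] = fixed[i];
    env[n] = NULL;
    return (int)n;
}

/* Permanently drop to the invoking user. Order matters: groups, gid, uid.
 * Supplementary groups are reduced to the primary gid (assumed policy). */
int drop_privs(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must not be regainable */
    return 0;
}

int main(void) {
    struct stat st;
    char *env[8], *argv[] = { "bash", NULL };
    if (stat(JAIL, &st) != 0 || !jail_stat_ok(&st)) {
        fputs("unsafe or missing new root\n", stderr); return 1; }
    /* chroot() then chdir("/") so the working directory is inside the new root. */
    if (chroot(JAIL) != 0 || chdir("/") != 0) { perror("chroot"); return 1; }
    if (drop_privs(getuid(), getgid()) != 0) { perror("drop_privs"); return 1; }
    if (build_env(env, 8) < 0) return 1;
    execve(BASH, argv, env);
    perror("execve");           /* reached only if the exec failed */
    return 1;
}
```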