Is it possible to mount an entire disk device read only?

Karl Auer kauer at biplane.com.au
Sun Sep 6 12:34:28 UTC 2015


On Sun, 2015-09-06 at 13:13 +0200, silver.bullet at zoho.com wrote:
> No, you mentioned that you know how to mount individual partitions
> read-only, but you want to mount a whole drive read-only.

I used the word "mount" in the subject, but the word "attach" in the
body of my question. I'm not fussed about the terminology.

The order of events is that the kernel recognises and "attaches" (or
whatever you want to call it) the primary device, e.g. /dev/sdb. That
raw device can be read and written directly - there is no requirement to
mount (or even have) partitions.

My question is whether it is possible in software to make the raw device
read-only.

> So, how could somebody mount a complete drive, without mounting it by
> the individual partitions?

I think you may be suffering from a failure of the imagination :-)

> AFAIK I can't mount sda.

Well, that is indeed the question. I just put an ext4 filesystem
on /dev/sdb. mkfs.ext4 warned me ("/dev/sdb is entire device, not just
one partition! Proceed anyway? (y, n)") but allowed me to proceed.
Nautilus opened a file manager window on the device just as normal, and
reported the expected volume size. However, all operations involving a
write to the volume were greyed out. In a terminal window I got this
from mount (the drive is a USB stick):

/dev/sdb on /media/kauer/24d4dfff-2607-4072-8a4a-b3c671db0067 type ext4
(rw,nosuid,nodev,uhelper=udisks2)

The volume was owned by root though, and had no structures within it
with any other permissions, so it was untouchable except by root. If I
set up a directory read-writable by an ordinary user, then that ordinary
user could read and write it as expected.

Short answer - you CAN mount /dev/sda, as long as it has a filesystem on
it. And mkfs will happily put a filesystem on it for you if asked to do
so.

> IOW I guess you're asking for a flag that prohibits write access. If
> so, then the question is, if the drive should be flagged as read-only,
> by the drive, so that a multi-boot or external drive connected to
> another computer, always is write protected, or should just one install
> use the drive read-only?!

That's a different point again. Anything short of a hardware
switch/jumper on the drive itself would always be subvertible by
software. Some USB sticks used to have R/W switches too. 

Regards, K.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
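
The message above separates two things: the raw device the kernel attaches (/dev/sdb) and the filesystem mounted from it. The script below is an added example, not part of the original post, that reports both for a whole disk and its partitions. It assumes the kernel's per-device `ro` attribute under /sys/block and the /proc/mounts field layout; the function names `mount_state` and `audit_disk` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the write state of a whole disk and its partitions.
# The sysfs root and mounts file are parameters so the check can run on a
# constructed tree; on a live system they are /sys/block and /proc/mounts.

# Print "rw", "ro", or "-" (not mounted) for a device node.
mount_state() {   # $1 = mounts file, $2 = device node, e.g. /dev/sdb
    awk -v dev="$2" '$1 == dev {
        s = "rw"; n = split($4, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") s = "ro"
        if (s == "rw") any = 1      # one rw mount is enough to be writable
        seen = 1
    } END { print (seen ? (any ? "rw" : "ro") : "-") }' "$1"
}

# Return 0 only if the disk and every partition carry the kernel read-only
# flag and none of them is mounted rw; 1 if anything is writable; 2 if the
# disk is not present.
audit_disk() {    # $1 = sysfs block root, $2 = mounts file, $3 = disk name
    sysroot=$1 mounts=$2 disk=$3 rc=0
    [ -r "$sysroot/$disk/ro" ] || { echo "no such disk: $disk" >&2; return 2; }
    for dir in "$sysroot/$disk" "$sysroot/$disk"/*/; do
        [ -r "$dir/ro" ] || continue    # skips queue/, power/ and the like
        name=$(basename "$dir")
        flag=$(cat "$dir/ro")           # 1 = kernel refuses writes
        mnt=$(mount_state "$mounts" "/dev/$name")
        echo "$name kernel_ro=$flag mounted=$mnt"
        [ "$flag" = 1 ] && [ "$mnt" != rw ] || rc=1
    done
    return $rc
}

# Constructed sample: a filesystem on the whole device sdb, mounted rw,
# which is the situation described in the message.
demo=$(mktemp -d)
mkdir -p "$demo/sys/sdb/queue"
echo 0 > "$demo/sys/sdb/ro"
printf '/dev/sdb /media/usb ext4 rw,nosuid,nodev 0 0\n' > "$demo/mounts"
audit_disk "$demo/sys" "$demo/mounts" sdb || echo "sdb is writable"
rm -rf "$demo"
```

On a live system the call is `audit_disk /sys/block /proc/mounts sdb`. Root can set the flag with `blockdev --setro /dev/sdb` and clear it again with `blockdev --setrw /dev/sdb`, so it is a software control rather than a hardware write block.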






More information about the ubuntu-users mailing list