From: Matthew Seaman
Date: Sat, 26 Jun 2004 10:44:22 +0100
To: MICSKO Viktor
Cc: freebsd-questions@freebsd.org
Subject: Re: setting a disk read only
Message-ID: <20040626094422.GA73314@happy-idiot-talk.infracaninophile.co.uk>

On Sat, Jun 26, 2004 at 02:38:28AM +0200, MICSKO Viktor wrote:
> Is it possible to set a *whole* disk read only? I mean the way linux
> does it with "hdparm -r 1 device". So adding an -o ro parameter to mount
> isn't enough, I want to be sure that the disk is unmodified.
>
> (I have to access an existing raid of 8 disks using vinum without any
> modified bit, because of the highly sensitive data. Any idea doing this
> absolutely securely is welcome too)

Hmmm... SCSI disks can be physically jumpered to be read-only. I
should think that ATA drives can be treated the same way. Consult the
manufacturers' data sheets for details.

One point about doing this: if you make the disk physically read-only,
it will work well when mounted read-only on the system. However, I'm
not so sure what would happen if you accidentally mounted the drive
read-write. Best case is that the system would refuse to mount the
drive rw: either failing and emitting an error, or complaining and
automatically flipping the mount flags to ro. Worst case is that
everything will apparently work perfectly fine until the system
attempts to do a write, at which point it will freeze or blow up. You
might want to test out what happens on a scratch system.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614