make it easier to keep the filesystem read-only when possible

sudoroom · Jan 4, 2016 · 2a65c31 · 2a65c31
1 parent e095b26
commit 2a65c31
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,10 @@ ssh [email protected] "cd /root/doorjam; ./grant_access_to_last_attempt.js <name
 
 You can also use the sudo_grant_access.sh script, but you should edit it to suit your environment.
 
+change /etc/bash.bashrc to remind you when the filesystem is not read-only:
+# PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+PS1='${debian_chroot:+($debian_chroot)}\u@\h`if grep "ec2c7555affb / ext4 rw" /proc/mounts > /dev/null; then echo \ FILESYSTEM IS WRITABLE, RUN roroot TO FIX; fi`:\w\$ '
+
 # License and copyright
 
 GPLv3+

diff --git a/editaccess b/editaccess
@@ -0,0 +1,7 @@
+if grep "ec2c7555affb / ext4 ro" /proc/mounts > /dev/null; then
+	rwroot
+	vim /root/doorjam/access_control_list
+	roroot
+else
+	vim /root/doorjam/access_control_list
+fi
diff --git a/roroot b/roroot
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo SETTING FILESYSTEM TO READ-ONLY
+sync
+mount -o remount,ro /
diff --git a/rwroot b/rwroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo SETTING FILESYSTEM TO READ-WRITE
+mount -o remount,rw /