1

I can't believe there is no simple solution to this (because it seems potentially a very useful feature to me), but so far I couldn't find any.

I'd like to be able to (temporarily) turn off my own write permission to the filesystem I'm using. Let's say, I'm logged in on a sensitive system where all I want is to view files but I want to avoid making any changes by mistake.

A lighter version:

If all the write permissions I have are due to the groups to which I belong (I disregard now my home directory), can I turn off these permissions by somehow temporarily removing myself from these groups (newgrp only changes my default group but not the whole group list)?

Of course, in either version I'm asking about doing this without the root privileges.

Faheem Mitha
  • 35,108
user66067
  • 11
  • Without root, probably not. – jordanm Apr 24 '14 at 16:16
  • 1
    Of course you need to be root to perform the below operations. Mount the system as read only. May be, mount -o remount, ro /dev/sda1 – Ramesh Apr 24 '14 at 16:18
  • 2
    Well, you could write a library to override open() and return an error if passed O_WRONLY or O_RDWR, and then put it in $LD_LIBRARY_PATH. Not sure if I would consider that a good, or terribly evil solution :-/ – phemmer Apr 25 '14 at 00:36
  • @Ramesh That would turn off EVERYONE's (including root's) write permissions, not just your own. – Barmar Apr 26 '14 at 06:39
  • this is what ulimit is for. – mikeserv Jan 24 '16 at 05:15

2 Answers2

0

What I propose you is to execute a script that will overide all command you're usually using for editing files so it uses less instead for example: 

#!/bin/bash
export EDITOR=less
alias vi=less
alias vim=less
alias nano=less
alias pico=less
alias rm=less

This is just an example but by executing such a script the chance you modify any file would be definitely reduced (and you can probably complete the list) You can even integrated those modification in your .bashrc or profile file, you can refer to this answer depending of your shell so it would be permanent and build a script that restore your aliases like this so modifying your system would only be intentionnal:

#!/bin/bash
export EDITOR=vi
alias vi=vi
alias vim=vim
alias nano=nano
alias pico=pico
alias rm=rm
Community
  • 1
Kiwy
  • 9,534
-1

If you really want to protect the whole filesystem, then you can remount it readonly (normally requires root permissions).

mount -o remount,ro /file-system/mountpoint
jasonwryan
  • 73,126
darkonc
  • 1