Applying patches when /usr is ro

I have been thrust into the role of sys admin on an Ultra SPARC 60 running Solaris 9. The /usr file system is configured to be read only, which is what most hardening guides I have read suggest to do. However, a large number of the patches that I attempt to install will not go because of this. Is this ok? I am missing something.....anyone?

Are you installing as ROOT or as a User?
beeman000 (Author) commented:
I am attempting to install them as root...
What is the error message or what text shows to say that the patch was not applied?
beeman000 (Author) commented:
When I look at the log for the patch install, it says that it cannot apply the patch because the /usr filesystem is read only.
I've never had problems with installing patches on read-only /usr. One solution might be to change the permissions for /usr while you apply the patches:

$chmod 066 -R /usr

This will recursively change /usr to read-write. Install the patches and then:

$chmod 444 -R /usr

to change it back to read only.

Read the man pages for chmod and chown, and also this post, which is not directly related to your situation, but might have useful information, is linked here-

Others might have different solutions, maybe wait and see if someone else comes up with something...
There is no need to change the permissions on any of the files or directories in /usr.  

What is happening is that the file system is mounted at boot time, in read-only mode.  Remember floppy disks and the tab that can be flicked to write-protect them?  This is similar: you need to (re)mount the file system in read-write mode first before you apply patches.  Try this sequence:

1.  From the console, shut the system down, all the way to run-level 0:
  # shutdown -y -g0 -i0

You will see several messages related to shutdown activity.  The last two messages will be:

  Program terminated

2.  Next, from the hardware monitor prompt, boot the system into single-user mode:

  ok boot -s

3.  The system will re-start itself, and after a few moments you will be prompted to give the root password for system maintenance mode, so do so.  

At this point, you should see a root shell prompt ("#").  The root file system will be mounted, as will /var and /usr.  Other file systems such as /opt, and whatever else you have on your system, will not be mounted.  /usr will be mounted read-only; you need to mount it read-write.

4.  So now remount /usr in read-write mode:
  # /sbin/mount -F ufs -o rw,remount /usr

Now you can proceed to apply your patches.  If your patches are on a filesystem other than /, /usr, or /var, then you will have to mount that first.  For example, let's say that they are in /opt.  

5.  Mount /opt:
  # /sbin/mount /opt

You can now apply your patches.  Reboot the system when you are done.

6.  Reboot after patch application:
  # shutdown -y -g0 -i6

Hope this helps.


Also check that /etc/vfstab has not set the read only option for the /usr mount (ro).
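
The /etc/vfstab check suggested above, sketched as an added example that is not part of the original thread: it reads the mount-options field for a mount point and reports whether `ro` is set, which is also how you confirm that a runtime `remount` for patching leaves the hardened setting in place for the next boot. The function names are hypothetical and the vfstab content is constructed; on a real system pass /etc/vfstab instead.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.
# vfstab fields: device to mount, device to fsck, mount point, FS type,
# fsck pass, mount at boot, mount options ("-" means defaults).

# vfstab_opts FILE MOUNTPOINT: print field 7 for MOUNTPOINT, fail if not listed.
vfstab_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 7 { next }   # skip comments and malformed lines
        $3 == mp { print $7; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# vfstab_is_ro FILE MOUNTPOINT: 0 = "ro" is set, 1 = not set, 2 = not listed.
vfstab_is_ro() {
    opts=$(vfstab_opts "$1" "$2") || return 2
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample vfstab (not taken from the poster's system).
SAMPLE_VFSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_VFSTAB"' EXIT
cat > "$SAMPLE_VFSTAB" <<'EOF'
#device            device             mount FS    fsck mount   mount
#to mount          to fsck            point type  pass at boot options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0 /     ufs   1    no      -
/dev/dsk/c0t0d0s6  /dev/rdsk/c0t0d0s6 /usr  ufs   1    no      ro
/dev/dsk/c0t0d0s5  /dev/rdsk/c0t0d0s5 /opt  ufs   2    yes     rw,nosuid
swap               -                  /tmp  tmpfs -    yes     -
EOF

for mp in / /usr /opt /export; do
    rc=0
    vfstab_is_ro "$SAMPLE_VFSTAB" "$mp" || rc=$?
    case $rc in
        0) echo "$mp: ro is set in vfstab" ;;
        1) echo "$mp: no ro option ($(vfstab_opts "$SAMPLE_VFSTAB" "$mp"))" ;;
        2) echo "$mp: not listed in vfstab" ;;
    esac
done
```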