Applying patches when /usr is ro

Posted on 2003-02-20
Medium Priority
Last Modified: 2013-12-27
I have been thrust in to the role of sys admin on a ultra sparc 60 running solaris 9. The /usr file system is configured to be read only, which is what most hardening guides i have read suggest to do. However, a large number of the patches that i attempt to install will not go because of this. Is this ok? I am missing something.....anyone?
Question by:beeman000
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 7990032
Are you installing as ROOT or as a User?

Author Comment

ID: 7993823
I am attempting to install them as root...

Expert Comment

ID: 7994457
What is the error message or what text shows to say that the patch was not applied?
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 7994968
when i look at the log for the patch install it says that it cannot apply the patch because the /usr filesystem is read only.

Expert Comment

ID: 7995989
I've never had problems with installing patches on read-only /usr. One solution might be to change the permissions for /usr while you apply the patches:

$chmod 066 -R /usr

this will recursivly change /usr to read-write. install the patches and then:

$chmod 444 -R /usr

to change it back to read only

read the man pages for chmod and chown, and also this post, which is not directly related to your situation, but might have useful informaiton is linked here-

Others might have different solutions, maybe wait and see if someone else comes up with something...

Accepted Solution

blowfish earned 200 total points
ID: 7997412
There is no need to change the permissions on any of the files or directories in /usr.  

What is happenning is that the file system is mounted at boot time, in read-only mode.  Remember floppy disks and the tab that can be flicked to write-protect them?  This is similar, you need to (re) mount the file system in read-write mode first before you apply patches.  Try this sequence:

1.  From the console, shut the system down, all the way to run-level 0:
  # shutdown -y -g0 -i0

You will see several messages related to shutdown activity.  The last two messages will be:

  Program terminated

2.  Next, from the hardware monitor prompt, boot the system into single-user mode:

  ok boot -s

3.  The system will re-start itself, and after a few moments you will be prompted to give the root password for system maintenance mode, so do so.  

At this point, you should see a root shell prompt ("#").  The root file system will be mounted, as will /var and /usr.  Other file systems such as /opt, and whatever else you have on your system will not be mounted.  /usr will be mounted read-only, you need to mount it read-write.  

4.  So now remount /usr in read-write mode:
  # /sbin/mount -F ufs -o rw,remount /usr

Now you can proceed to apply your patches.  If your patches are on a filesystem other than /, /usr, or /var, then you will have to mount that first.  For example, let's say that they are in /opt.  

5.  Mount /opt:
  # /sbin/mount /opt

You can now apply your patches.  Reboot the system when you are done.

6.  Reboot after patch application:
  # shutdown -y -g0 -i6

Hope this helps.

LVL 10

Expert Comment

ID: 8009490
Also check that /etc/vfstab has not set the read only option for the /usr mount (ro).

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month11 days, 7 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question