Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Applying patches when /usr is ro

Posted on 2003-02-20
Medium Priority
Last Modified: 2013-12-27
I have been thrust in to the role of sys admin on a ultra sparc 60 running solaris 9. The /usr file system is configured to be read only, which is what most hardening guides i have read suggest to do. However, a large number of the patches that i attempt to install will not go because of this. Is this ok? I am missing something.....anyone?
Question by:beeman000

Expert Comment

ID: 7990032
Are you installing as ROOT or as a User?

Author Comment

ID: 7993823
I am attempting to install them as root...

Expert Comment

ID: 7994457
What is the error message or what text shows to say that the patch was not applied?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 7994968
when i look at the log for the patch install it says that it cannot apply the patch because the /usr filesystem is read only.

Expert Comment

ID: 7995989
I've never had problems with installing patches on read-only /usr. One solution might be to change the permissions for /usr while you apply the patches:

$chmod 066 -R /usr

this will recursivly change /usr to read-write. install the patches and then:

$chmod 444 -R /usr

to change it back to read only

read the man pages for chmod and chown, and also this post, which is not directly related to your situation, but might have useful informaiton is linked here-

Others might have different solutions, maybe wait and see if someone else comes up with something...

Accepted Solution

blowfish earned 200 total points
ID: 7997412
There is no need to change the permissions on any of the files or directories in /usr.  

What is happenning is that the file system is mounted at boot time, in read-only mode.  Remember floppy disks and the tab that can be flicked to write-protect them?  This is similar, you need to (re) mount the file system in read-write mode first before you apply patches.  Try this sequence:

1.  From the console, shut the system down, all the way to run-level 0:
  # shutdown -y -g0 -i0

You will see several messages related to shutdown activity.  The last two messages will be:

  Program terminated

2.  Next, from the hardware monitor prompt, boot the system into single-user mode:

  ok boot -s

3.  The system will re-start itself, and after a few moments you will be prompted to give the root password for system maintenance mode, so do so.  

At this point, you should see a root shell prompt ("#").  The root file system will be mounted, as will /var and /usr.  Other file systems such as /opt, and whatever else you have on your system will not be mounted.  /usr will be mounted read-only, you need to mount it read-write.  

4.  So now remount /usr in read-write mode:
  # /sbin/mount -F ufs -o rw,remount /usr

Now you can proceed to apply your patches.  If your patches are on a filesystem other than /, /usr, or /var, then you will have to mount that first.  For example, let's say that they are in /opt.  

5.  Mount /opt:
  # /sbin/mount /opt

You can now apply your patches.  Reboot the system when you are done.

6.  Reboot after patch application:
  # shutdown -y -g0 -i6

Hope this helps.

LVL 10

Expert Comment

ID: 8009490
Also check that /etc/vfstab has not set the read only option for the /usr mount (ro).

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month14 days, 9 hours left to enroll

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question