Showing posts with label FileSystem. Show all posts

Friday, November 22, 2013

mount NFS using /etc/fstab

First, you may need to authenticate the local machine to the NFS server.

Then add the following line to the end of your /etc/fstab:

NFS_SERVER:/vol/vol1_home    /home           nfs4    defaults        1 1

The format is:
SERVER:REMOTE_PATH    LOCAL_MOUNT_POINT    FILESYSTEM_TYPE    OPTIONS    DUMP    PASS


After this, running "mount -a" should get your home directory mounted.

Other mount commands:
mount -a: mount all of the filesystems listed in /etc/fstab
umount /home: unmount the local home directory from the NFS server


Thursday, June 13, 2013

Ubuntu file system becomes read only

My Ubuntu on Chromebook had this problem, and it was fixed by $ fsck -Af

Source Link is:
http://askubuntu.com/questions/197459/read-only-file-system

The filesystem will usually go into read-only while the system is running if there is a filesystem consistency issue. This is specified in fstab as errors=remount-ro and will occur when a FS access fails or an emergency read-only remount is requested via Alt+SysRq+U. You can run:
sudo fsck -Af
to force a check of all filesystems. As the other very good answer states, looking at dmesg is also very helpful.


Tuesday, November 29, 2011

/boot directory is full; remount another partition to the /boot directory

Problem: the /boot directory on /dev/hda1 is full, and there is no more space on the disk
Solution: re-mount /dev/hda6 to /boot

[root@centos5 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2             9.5G  7.7G  1.4G  86% /
/dev/hda6              23G  4.7G   17G  22% /home
/dev/hda3             1.9G   37M  1.8G   3% /tmp
/dev/hda1              90M  85M   5M 100% /boot

mount /dev/hda6 /boot


[root@centos5 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2             9.5G  7.7G  1.4G  86% /
/dev/hda6              23G  4.7G   17G  22% /home
/dev/hda3             1.9G   37M  1.8G   3% /tmp
/dev/hda1              23G  4.7G   17G  22% /boot
tmpfs                 251M     0  251M   0% /dev/shm
/dev/hda6              23G  4.7G   17G  22% /boot

Wednesday, March 2, 2011

Time-of-Check-to-Time-of-Use (TOCTOU) attacks on Linux file systems

A TOCTOU attack exploits a race condition in a setuid program.

setuid and setgid are Unix access-rights flags that allow users to run an executable with the permissions of the executable's owner or group.

Example 1

buggy setuid program                          attacker

                                              // create a file the attacker can access
                                              touch /home/attack/bad
// check user permissions to file
if (access("/home/attack/bad", R_OK) != 0)
{
    exit(1);
}
                                              // remove file
                                              rm /home/attack/bad
                                              // create a symbolic link to the secret file
                                              ln -s /top/secret /home/attack/bad
// use file
fd = open("/home/attack/bad", O_RDONLY);
// Do something with fd...

Example 2

buggy setuid program                          attacker

                                              // create a symbolic link to a file the attacker can access
                                              ln -s /home/attack/bad /home/attack/symlink
// check user permissions to file
if (access("/home/attack/symlink", R_OK) != 0)
{
    exit(1);
}
                                              // update symbolic link to a secret file
                                              ln -sf /top/secret /home/attack/symlink
// use file
fd = open("/home/attack/symlink", O_RDONLY);
// Do something with fd...
 
 
Why does this work?
1. access() checks permissions against the real user ID, not the effective user ID.
2. open() also checks the file permissions, but it uses the effective user ID. Since this is a setuid program, it opens the file with the program owner's permissions.
Why does TOCTOU target setuid programs?
1. setuid programs often use this pattern: check permission with access(), then open() the file.
2. A setuid program can open the file using the program owner's permissions. See man 2 open and man 2 access.

For more information, please see this link
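
Added example (not code from the original post): one way to close the window in both examples is to drop the access() check and do a single open() with the effective UID temporarily set to the real UID, then validate the descriptor with fstat(). The names open_as_real_user and demo_symlink_refused and the scratch directory under /tmp are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only as the real user in one step: no separate access()
 * answer can go stale before open(). Returns a descriptor, or -1 (errno). */
int open_as_real_user(const char *path)
{
    uid_t saved = geteuid();
    if (seteuid(getuid()) != 0) return -1;   /* drop the setuid identity */
    /* O_NOFOLLOW refuses a symlink as the final component (ELOOP);
     * O_NONBLOCK keeps a FIFO planted at path from blocking the open. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    int err = errno;
    if (seteuid(saved) != 0) {               /* restore; fail closed if not */
        if (fd >= 0) close(fd);
        return -1;
    }
    struct stat st;                          /* check the object held, not the name */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
        err = EACCES;
    }
    errno = err;
    return fd;
}

/* Constructed self-check: a regular file opens, a symlink to it is refused. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/toctou-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/symlink", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(file, lnk) != 0) return 0;
    int ok = open_as_real_user(file);
    int refused = open_as_real_user(lnk);
    int result = ok >= 0 && refused == -1 && errno == ELOOP;
    if (ok >= 0) close(ok);
    unlink(lnk); unlink(file); rmdir(dir);
    return result;
}

int main(void) { return demo_symlink_refused() ? 0 : 1; }
```

O_NOFOLLOW only covers the last path component, so the dropped effective UID is what protects against a re-pointed parent directory. A setgid program needs the same treatment for its group ID with setegid(getgid()).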

Sunday, January 23, 2011

AUFS HOWTO

Also see aufs+ramdisk setup at: another article

For AUFS2: 
http://aufs.sourceforge.net/

For AUFS1:
http://aufs.sourceforge.net/README.aufs1

Download aufs, configure and compile it. Then install the module.

Usage example:
$ mkdir /tmp/rw /tmp/aufs
$ mount -t aufs -o dirs=/tmp/rw:${HOME}=ro none /tmp/aufs
Or 
$ mount -t aufs -o br:/tmp/rw:${HOME}=ro none /tmp/aufs
/tmp/aufs = $HOME + /tmp/rw
If you touch a file in /tmp/aufs, the file will show up in /tmp/rw, not in $HOME, because $HOME is read-only.

AUFS1 + ramdisk setup

OS environment: CentOS 5.5

1. Compile and install Linux kernel 2.6.18
$ wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.bz2
$ make menuconfig   # remember to install ncurses-devel first
$ make -j4
$ make modules_install
$ make install
Add the new kernel to menu.lst and reboot

2. Edit menu.lst to initialize a ramdisk of about 500 MB (add ramdisk_size=500000)
kernel /vmlinuz-2.6.18 ro root=LABEL=/ hdc=ide-scsi ramdisk_size=500000


3. Format the ramdisk and mount it at the mount point /ramdisk
$ mke2fs -m 0 /dev/ram0   
$ mkdir /ramdisk
$ mount /dev/ram0 /ramdisk


4. Compile and install the aufs1 module. More info: http://aufs.sourceforge.net/README.aufs1
$ cd /your/linux/kernel/source   # e.g. /lib/modules/2.6.18/source/
$ make menuconfig
$ make include/linux/version.h include/linux/utsrelease.h

$ cd aufs.wcvs/aufs
$ rm fs/aufs/Kconfig
$ make -f local.mk kconfig

$ make -f local.mk   # compile the aufs module

$ install -m 500 -p mount.aufs umount.aufs auplink aulchown auchk /sbin   # recommended
$ install -m 644 -p etc_default_aufs /etc/default/aufs   # recommended
$ echo FLUSH=ALL > /etc/default/auplink   # recommended
$ insmod ./aufs.ko   # load the aufs module; you need to do this every time after a reboot


5. Mount the /home, /root, /tmp ... directories over the ramdisk
$ mkdir /ramdisk/home
$ mount -t aufs -o dirs=/ramdisk/home:/home=ro none /home   # /home is read-only; all files written to the home folder are written into /ramdisk/home