Linux that restores itself on each reboot

linux

I'm looking for methods and software to help create a variant of lubuntu that will restore itself to an install state and/or update on every boot. I'm thinking of doing things like putting the root filesystem on a squashfs and using unionfs and tmpfs to make root writable, but automagically restorable. I'm thinking of updating the squashfs with rsync. Perhaps there are other ways to approach the problem. Perhaps root needn't be writable at all. All thoughts welcome.

The home dir would be writable in the usual way.

The goal, if it matters, is a Linux that's simple to maintain from the home office, but that functions correctly for customers. We have some custom software that we wish for customers to be able to run trivially on equipment we provide. Ideally these devices would have a "restore to factory" function that would put it back the way we intended. If this is part of the normal boot cycle, so much the better.

Why lubuntu? Personal preference for this application. It has a usable desktop, but doesn't take up much ram.

Best Answer

SquashFS is the underlying mechanism used in LiveCDs. There are others, but they all represent an overlay. What you want to do is study LiveCDs to see how they get the root mounted on top of the CD (read only) and either a RAM filesystem (easily disposed of) or lay onto a loopback device file on a local drive (non-volatile).

What I think you want to do is create a local file for squash and either delete it as the last step of a shutdown or the first step of a startup. Automatic cleanup is required. Then you guys can distribute an image of the base machine with periodic updates.

Oh, and before you get any bright ideas, multiple overlays might be possible but are strongly discouraged due to some nasty VFS complications.

Of course, you could create loopback files on a local drive for home directories, as though they were encrypted home directories, which might allow for easy backup to external media.

Related Solutions

Linux – How to limit screen resolution in xorg 1.5

You can try to update/add the screen section to your xorg.conf file:

Section "Screen"
Identifier  "Default Screen"
Device      "Generic Video Card"
Monitor     "Generic Monitor"
DefaultDepth    24
SubSection "Display"
    Depth       16
    Modes       "1024x768" "800x600" "640x480"
EndSubSection
SubSection "Display"
    Depth       24
    Modes       "1024x768" "800x600" "640x480"
EndSubSection
EndSection

You'll want to make sure that your "Default Screen" is listed in the Server Layout section:

Section "ServerLayout"
Identifier  "Default Layout"
Screen      "Default Screen"
InputDevice "Generic Keyboard"
InputDevice "Configured Mouse"
InputDevice     "stylus" "SendCoreEvents"
InputDevice     "cursor" "SendCoreEvents"
InputDevice     "eraser" "SendCoreEvents"
EndSection

You'll also want to make sure that the "Device" and "Monitor" id's match your configuration.

Linux – How to run a server on port 80 as a normal user on Linux

Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to java bin will make any java program to be run with this setting, which is undesirable, if not a security risk.

The long answer: you can redirect connections on port 80 to some other port you can open as normal user.

Run as root:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).

EDIT: as per comment question - to delete the above rule:

# iptables -t nat --line-numbers -n -L

This will output something like:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

The rule you are interested in is nr. 2, so to delete it:

# iptables -t nat -D PREROUTING 2

Best Answer

Related Solutions

Linux – How to limit screen resolution in xorg 1.5

Linux – How to run a server on port 80 as a normal user on Linux

Related Topic