How to mount file systems as read-only on Linux
On Linux, it is possible to quickly mount any file system as read-only directly through the terminal. Mounting file systems as read-only on the fly is a great way to prevent modifications, tampering and to overall increase security temporarily.
Mount file systems as read-only
To start the mounting process, open up a terminal window by pressing Ctrl + Alt + T or Ctrl + Shift + T on the keyboard. From there, run the lsblk command to view all block devices on your computer.
lsblk
If you have a lot of loop devices (Snap packages) showing up in lsblk, run lsblk -e 7 instead to view connected file systems without seeing loop devices.
Look through the printout that the lsblk command shows in the terminal to find the partition name you’re trying to re-mount as root. In this guide, we’ll use /dev/sda1. Yours may differ.
Note: having trouble finding out the partition label of the file system you’d like to mount as read-only? Check out our guide on how to find hard drive information on Linux.
Once you’ve determined the partition label, use the following command to mount the file system in read-only mode.
Note: the command below is an example. Please change “/dev/sda1” below with the partition label you plan to mount in read-only mode on Linux.
sudo mount -r /dev/sda1 /location/to/mount/partition/
With the above command entered, your file system will mount as read-only, and it will not be possible to tamper with the contents of the file system. It will stay in read-only mode till the next reboot.
Remove read-only mount
If you’ve decided you want to remove read-only mode on the partition you’ve mounted without rebooting, the remount command must be used.
Note: be sure to change “/dev/sda1” with the partition label for the file system you plan to re-mount as read/write on Linux.
sudo mount -rw -o remount /dev/sda1 /location/to/mount/partition/
Assuming the command above runs successfully the file system will no longer be mounted in read-only mode.
Permanently mount file systems as read-only
Putting a file system in read-only mode through the command-line is useful for specific tasks, but not sufficient for long-term use. If you want particular file systems on Linux to always be accessible in read-only mode, you must specify it in the file system configuration file (fstab).
Back up your Fstab
Before tinkering with the Fstab file in this guide, you must make a backup of the file. Making a backup will ensure that if something goes wrong during editing, changes made to the file can quickly be undone.
To create a backup of the Fstab file, use the cp command below.
sudo cp /etc/fstab /etc/fstab.bak
Add in read-only mode permanently
To add in read-only mode, open up the Fstab file in the Nano text editor. Keep in mind that editing this file must be done with sudo or su as it is a system file!
sudo nano -w /etc/fstab
Or
su - nano -w /etc/fstab
Once inside of the Fstab file in Nano, look for the partition you’d like to change to read-only mode and move the cursor there with the Arrow keys.
Note: can’t find the hard drive partition you want to change in the Fstab file? Open up a second terminal, run lsblk -f and match the UUID code that appears next to the partition you’d like to edit in the lsblk output with the one in “/etc/fstab.”
When you’ve found the line in the Fstab file, add in the read-only option to the file-system “ro” to the mount line. It should look similar to the example code below.
Note: the code below is just an example to get an idea of what the edit should look like. Do not copy and paste the code into Nano!
UUID=96E4E375E4E35651 /media/data-storage-windows ntfs defaults,ro 0 2
After making the edit to the Fstab file to make read-only permanent, save the edits. Saving is done by pressing Ctrl + O on the keyboard. Then, close the text editor by pressing Ctrl + X.
Close the terminal window and reboot your PC. When you log back in, the partition should be in read-only mode.
Remove read-only auto-mount
Want to get rid of the read-only mode set up in the Fstab file? Here’s what to do. First, open up a terminal window and move it to the root account by using sudo -s.
sudo -s
With the terminal window logged into the root account, move into the “/etc/” directory using the CD command.
cd /etc
Delete the Fstab file with the read-only edits made to it using the rm command.
rm fstab
Restore the “fstab.bak” file you made at the start of this guide with the mv command.
mv fstab.bak fstab
Close the terminal window and restart your Linux PC. When you log back in, the read-only setting will be disabled.
