How to Remove Write Command In LibreELEC (Thread Closed)

  • It is possible to create a udev rule that runs "mount -o remount,ro /path/to/mount-point" but this will prevent data from being written. It will not stop something in the OS from reading the drive. NB: There is nothing in LE that copies add-ons automatically from an SD card or USB drive. Your description makes no sense.

  • I'm not sure what you want to achieve is possible with libreELEC. Solutions I'm aware of require running the tool "blockdev" which is not available in libreELEC. Maybe you could use some kernel parameter to disable usb block devices entirely...

  • Type "df" to find out where your USB stick is mounted. You should see something like:

    /dev/sda1 524008 136328 387680 26% /var/media/LIBREELEC

    Instead of "LIBREELEC" you will see the label of your stick.


    Then remount the drive readonly by giving this command:

    mount -o remount,ro /var/media/LIBREELEC

    Yes, there is a comma between "remount" and "ro". "ro" means "read-only" and is the parameter for the remount option.

    But beware that this solution is not persistent! If you unplug the USB stick and put it back in, it will be mounted writable again and your write protection is gone.

  • Now type

    mount -o remount,ro /var/media/sda1-usb-Sony_Storage_Med

    If you do not want to type the whole cryptic name, just do

    mount -o remount,ro /var/media/sda1[TAB]

    where [TAB] is the tab key on your keyboard and the shell will expand the name for you.

  • Looks fine. Test it:

    cd /var/media/sda1[TAB]

    touch foobar

    you should get an error message "readonly filesystem".

    But as said before: If you unplug the stick and put it back in, it will be writable again.

  • A "permanent solution" would require some system changes and/or additional tools that would only be useful for this specific/bizarre use case. If somebody has physical access to a device he can do a lot of things. Trying to secure it by exploiting the linux inexperience is not really a solution.

  • auto-mounting is done using udev and user created udev rules can be placed in /storage/.config/udev.rules.d/ to make them persistent if not truly permanent (which would require creating your own image). udev rules are applied in alphanumeric sequence so a rule numbered +1 higher than our default auto-mount rule can be used to remount the mounted USB with 'ro' set.

    this will still not prevent anyone from READING the data from the USB which is what the OP has stated (twice) as the problem.

  • this will still not prevent anyone from READING the data from the USB which is what the OP has stated (twice) as the problem.

    You seem to assume that the OP is running LibreELEC off the external USB stick. I understood that he is running it from internal storage and wants to prevent copying data *TO* the external USB drive only.

  • This remounts USB in read-only mode.

    Create two files

    /storage/.config/udev.rules.d/96-enforce-usb-ro.rules

    /storage/.config/system.d/enforce-usb-ro\@.service

    and reload rules and services or just reboot.

  • Just select all the code I wrote above and paste it in ssh terminal. It will create both files and reload service. After that usb disk should be mounted readonly.

    But in case you like to make file by hand here is the content

    /storage/.config/udev.rules.d/96-enforce-usb-ro.rules

    Code
    SUBSYSTEMS=="usb",ACTION=="add",KERNEL=="sd*",ENV{SYSTEMD_WANTS}="enforce-usb-ro@%k"

    /storage/.config/system.d/enforce-usb-ro\@.service

    Code
    [Unit]
    Description=Enforce read-only mode on USB storage device
    BindsTo=dev-%i.device
    
    [Service]
    Type=simple
    ExecStart=/usr/bin/mount -o remount,ro /dev/%I

    One other option to make device read only is to use hdparm

    Quote

    -r Get/set read-only flag for the device. When set, Linux disallows write operations on the device

    Code
    /usr/sbin/hdparm -r1 /dev/%I
  • i think selecting code and pasting in ssh terminal is more easy than creating with hand.i will be using putty, just copy and paste, will do the needful i hope.

  • You can see content of file with

    Code
    cat /storage/.config/udev.rules.d/96-enforce-usb-ro.rules
    Code
    cat /storage/.config/system.d/enforce-usb-ro\@.service

    And I think files are created. Just attach one USB disk and see with mount command if is mounted ro.