We would like to inform you that with the release of RutOS version 7.14 in Q2 2025, devices will implement read-only permissions for critical system files by default. This change enhances security and system stability but may impact users performing non-standard operations.
Additionally, with RutOS 7.14, support for the POST/GET service will be discontinued to strengthen security. Device functionality will remain accessible through alternative methods.
It would be instructive to have the list of the read-only files. Will the implementation been done via a read-only filesystem ?
Currently, I use modified /sbin/netifd and /usr/sbin/odhcp6c executables in order to cope with a wobbly ISP. Will I need to rebuild and reflash a full SDK ?
We won’t use writable OverlayFS for the root file system anymore. This means there will be only a few directories that are writable:
/etc - writable overlayfs with lowerdir of ro /etc
/usr/local - writable overlayfs with lowerdir of ro /usr/local
/log - writable jffs2 (or ubifs) partition
/tmp - writable tmpfs, non-persistent
/mnt - symlink to /tmp
/var - symlink to /tmp
/overlay - writable jffs2 or ubifs where overlayfs upperdir of /etc and /usr/local are stored
/ext - only on SME (Storage Memory Expansion) enabled: writable ext4 or exfat where overlayfs upperdir of /usr/local is stored
/usr/share - symblink to /usr/local/share
Anything else - won’t be writable. That includes binaries in /bin /sbin /usr/bin /usr/sbin; libraries in /lib /usr/lib.
Package manager will install packages into /usr/local directory. PATH environment variable is also updated to launch binaries from /usr/local path.
For example, if you had some files or scripts in /root directory, then you won’t be able to put them there with RUTOS 7.14. Instead, you should place them somewhere in /usr/local.
If you had replaced system binaries: let’s say you have modified and built netifd from the SDK, then uploaded it into the device and replaced original library at /sbin/netifd. This won’t work either, however, you will be able to place it at /usr/local/bin/netifd, then modifying /etc/init.d/network to use /usr/local/bin/netifd and not /sbin/netifd.