Implementation of Read-Only System Files and Mobile and I/O POST/GET Service Removal with RutOS 7.14

Dear community,

We would like to inform you that with the release of RutOS version 7.14 in Q2 2025, devices will implement read-only permissions for critical system files by default. This change enhances security and system stability but may impact users performing non-standard operations.

Additionally, with RutOS 7.14, support for the POST/GET service will be discontinued to strengthen security. Device functionality will remain accessible through alternative methods.

For more details, please refer to our wiki:

We appreciate your understanding.

1 Like

Hello,

It would be instructive to have the list of the read-only files. Will the implementation been done via a read-only filesystem ?
Currently, I use modified /sbin/netifd and /usr/sbin/odhcp6c executables in order to cope with a wobbly ISP. Will I need to rebuild and reflash a full SDK ?

Regards,

Hello,

We won’t use writable OverlayFS for the root file system anymore. This means there will be only a few directories that are writable:

  • /etc - writable overlayfs with lowerdir of ro /etc
  • /usr/local - writable overlayfs with lowerdir of ro /usr/local
  • /log - writable jffs2 (or ubifs) partition
  • /tmp - writable tmpfs, non-persistent
  • /mnt - symlink to /tmp
  • /var - symlink to /tmp
  • /overlay - writable jffs2 or ubifs where overlayfs upperdir of /etc and /usr/local are stored
  • /ext - only on SME (Storage Memory Expansion) enabled: writable ext4 or exfat where overlayfs upperdir of /usr/local is stored
  • /usr/share - symblink to /usr/local/share

Anything else - won’t be writable. That includes binaries in /bin /sbin /usr/bin /usr/sbin; libraries in /lib /usr/lib.

Package manager will install packages into /usr/local directory. PATH environment variable is also updated to launch binaries from /usr/local path.

For example, if you had some files or scripts in /root directory, then you won’t be able to put them there with RUTOS 7.14. Instead, you should place them somewhere in /usr/local.

If you had replaced system binaries: let’s say you have modified and built netifd from the SDK, then uploaded it into the device and replaced original library at /sbin/netifd. This won’t work either, however, you will be able to place it at /usr/local/bin/netifd, then modifying /etc/init.d/network to use /usr/local/bin/netifd and not /sbin/netifd.

Best regards,

2 Likes

Thank you for the precision.

thank you.

Just to confirm, a Task Manager script I have that writes into /etc/config will not be affected?

Hello @amadgwick,

it’ll remain unaffected.

Best regards,

Hello,

We have executable binaries and config files in /storage/ on TRB1xx devices. Will be these folders also only readable?

Regards,

Hello @gkovacs9999,

The storage partition on the TRB14X/TRB5XX series will be mounted on /log, which is writable and /storage will be a symlink to /log, so in the end, both of these will be writable as in previous firmwares.

Best regards,

Thanks, that is a viable solution.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.