What do the fstab mount options 'errors=remount-ro' mean?

Solution 1:

From the man page:

errors={continue|remount-ro|panic}
    Define the behavior when an error is encountered. (Either
    ignore errors and just mark the filesystem erroneous and
    continue, or remount the filesystem read-only, or panic and halt
    the system.) The default is set in the filesystem superblock,
    and can be changed using tune2fs(8).

Essentially, when there is an error mounting the disk with read/write privileges, it will instead mount it as 'read only'.

Whether or not 'defaults' is used in your setup is not necessarily relevant. Yes, you can expect 'defaults' here, but the lack thereof doesn't hurt you a ton.

As well, the '0 1' part isn't part of the mount options - everything in an fstab line is space-delimited / tab-delimited - any space between things indicates the 'next argument' to use.


As a security person, though, my advice is that if you believe your system was tampered with during installation outside that of the typical installer, then you should not be using that system, and should install with a known, good ISO and no networking during that installation to rule out network boot installer images causing issues.

Solution 2:

It means that if any errors occur when trying to mount the device, it will be remounted as read-only.

Solution 3:

The 0 and 1 in the last columns refer to the following, from the fstab man pages:

The fifth field (fs_freq).

This field is used by dump(8) to determine which filesystems need to be dumped. Defaults to zero (don't dump) if not present.

The sixth field (fs_passno).

This field is used by fsck(8) to determine the order in which filesystem checks are done at boot time. The root filesystem should be specified with a fs_passno of 1. Other filesystems should have a fs_passno of 2. Filesystems within a drive will be checked sequentially, but filesystems on different drives will be checked at the same time to utilize parallelism available in the hardware. Defaults to zero (don't fsck) if not present.
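
The field layout described in Solutions 1 and 3, as an added example that is not part of the original answers: it splits an fstab line on whitespace, pulls out the `errors=` option, and applies the zero defaults for the fifth and sixth fields. The function name, the sample lines and the rule that the first four fields must be present are assumptions of this example.

```python
# Added example (not from the original answers): interpret one fstab entry.
ERROR_ACTIONS = {  # wording follows the man page excerpt quoted in Solution 1
    "continue": "mark the filesystem erroneous and continue",
    "remount-ro": "remount the filesystem read-only",
    "panic": "panic and halt the system",
}

def parse_fstab_line(line):
    """Return a dict describing one fstab entry, or None for blanks/comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split()  # any run of spaces or tabs ends a field
    if not 4 <= len(fields) <= 6:
        # Assumption of this example: the first four fields must be present.
        raise ValueError(f"expected 4 to 6 fields, got {len(fields)}")
    options = {}
    for opt in fields[3].split(","):  # mount options are comma-separated
        key, _, value = opt.partition("=")
        options[key] = value
    errors = options.get("errors")
    if errors is None:
        on_error = "superblock default (see tune2fs(8))"
    else:
        on_error = ERROR_ACTIONS.get(errors, "value not in the quoted excerpt")
    return {
        "device": fields[0],
        "mountpoint": fields[1],
        "fstype": fields[2],
        "options": options,
        "errors": errors,
        "on_error": on_error,
        # Fifth and sixth fields default to zero when absent.
        "fs_freq": int(fields[4]) if len(fields) > 4 else 0,
        "fs_passno": int(fields[5]) if len(fields) > 5 else 0,
    }

# Constructed sample lines (placeholder UUID, not from a real system).
SAMPLE = """\
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=00000000-0000-0000-0000-000000000000 /     ext4 errors=remount-ro 0 1
/dev/sdb1\t/data\text4\tdefaults,noatime
"""

if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        entry = parse_fstab_line(raw)
        if entry:
            print(entry["mountpoint"], "|", entry["on_error"],
                  "| dump:", entry["fs_freq"], "| fsck pass:", entry["fs_passno"])
```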