read-only

Read-only is a file attribute which only allows a user to view a file, restricting any writing to the file. Setting a file to “read-only” will still allow that file to be opened and read; however, changes such as deletions, overwrites, edits or name changes cannot be made. This is often used for permission and security purposes, to keep unauthorized users from making accidental or intentional alterations.

Files marked as read-only normally imply that those files should not be changed or that caution needs to be taken before making alterations. Operating system files needed to keep a computer working properly are often read-only. For example, root directory files found in Microsoft Windows such as bootmgr.

Other places where the read-only file attribute can be used include PDFs, Microsoft Word documents, CD-ROMs, configured flash drives, solid state storage (SSS) devices, read-only memory (ROM) and containers. Setting a PDF or Word document to read-only will ensure the file cannot be changed by the owner or by any other shared users.

ROM is system memory that contains data which can only be read and not written to. ROM is read-only because it contains the programming which allows a computer to load each time it is turned on.

Setting a container to read-only can thwart a simple attack where a hacker accesses a container to add or delete code to create an exploit. In this sense, the read-only attribute is used for security rather than assurance. Read-only containers are available as a feature in Docker and Kubernetes, as well as other container platforms. In Docker, for example, to set a container as read-only, all a user has to do is select the read-only flag on startup.