I set in /etc/fstab to mount the root directory to readonly.
But root user can still easily remount it to rw without even needing a reboot.
Is it possible to restrict root user from remouting or force all remouting required a system reboot?
There should be an option or file that allow system owner to lock the whole system to read only and the only way to change it back to read /write is altering the file using other linux pc.
Why would you do that? The root directory is the Root users “Home directory”
What do you want to achieve? Please give more info about your system and the Fedora-Linux Version.
Just to be sure that we are all talking about the same thing: Is this about the path / or /root ?
If it is about the / (you said “locking the whole system”), I suggest to review the rpm-ostree-based variants CoreOS and Silverblue/Kinoite (immutable variants are closest to your goal of read-only), depending on what you use your Fedora for, because / with read-only will be a highly unstable and unintended solution for the “regular” Fedora variants (I assume we are still talking about your Fedora 35 minimal?).
The concept of the “root” user (also known as superuser) is a role that can do things that the ordinary user cannot. The root user sets up the system environment, doing such things as marking a file system as read-only, and ordinary users cannot change that setting without root privileges.
If you are setting up a system for someone else, and you want it to be that only you can make configuration changes to the other’s system, then you take on the root role, and create an ordinary user account for them. Then you will have the situation you describe where you are the system owner, able to change the configuration by remotely accessing the user’s computer from your linux pc.
If this is your intent, we can discuss more details with you about that.
Maybe it’s because the default user created on Fedora Workstation by default have the ability as administrator (have sudo ability).
You could change that. But first create a password for
$ sudo su enter then type command
# passwd. Type the new password different from user password you type when using
$ sudo su. Immediately after that type
# visudo enter. Find line with
%wheel ALL=(ALL) ALL and change it as comment
#%wheel ALL=(ALL) ALL. Save it with
After that type
# exit to go back to normal user.
Now the normal user will not have
sudo abilities. You could test it by typing
$ sudo su or any commands related to
sudo with their password and it will not work.
When you as admin want to change the system configs you could use command
$ su and type new password your created above.