Score:2

How to preserve and freeze modification made during a LiveSession of LiveDisc and to prevent any further modification without remastering the LiveDisc

A bootable read-only LiveDisc (e.g. LiveCD, LiveDVD, write-protected LiveUSB, write-protected LiveSD) holding a complete OS (e.g. Ubuntu or Mint) is ideal to prevent unintentional modification that would be caused by inadvertence, accidents, malware pieces or malicious attacks. A writable boot disk such as HDD or SSD would be susceptible to unintentional modification.

However, some of the default settings on the LiveDisc are inappropriate to my use, and I need some customization by modifying some settings. Once the settings are appropriately modified and customized, I want to freeze the settings, and I want the frozen settings to be preserved beyond shutting down or rebooting of the computer, but I want any further modification to be prevented. I mean, I want any further modification to vanish when the computer shuts down or restarts.

By the nature of LiveDisc, by default, every writing addressed to the LiveDisc is redirected to a RAM disk; that is, anything that seems written into the LiveDisc is actually written into a RAM disk. Hence, all modification/customization during a Live Session is held only in a RAM disk, and vanishes every time the computer restarts or shuts down. Thanks to this nature, any undesired modification caused by inadvertence, accident, malware or malicious attack will be destroyed when the computer restarts or shuts down.

The "persistent" feature by "casper" forces every writing addressed to the LiveDisc to be redirected to a second disk, which must be writable as opposed to read-only, and which must be labeled "casper-rw", and which is typically a USB stick. Thus, all modification/customization (including undesired modification) survives in the second disk (labeled "casper-rw") beyond restarts and shutdowns. This "persistent" feature indeed preserves my initial modification/customization beyond restarts and shutdowns. Unfortunately, however, this feature continues to preserve all further modification, even though I want all further modification to vanish. So, this "persistent" feature by "casper" does not work for my use.

(For this "persistent" feature, see the Ubuntu Help Wiki "https://help.ubuntu.com/community/LiveCD/Persistence", and also see the manpage of "casper".)

Some USB sticks and all SD cards have a write-protection tab. I tried such a write-protectable device to be used as a "casper-rw" disk. After the initial modification/customization was made, I shut down the computer, I turned on the write-protection tab of the "casper-rw" disk, hoping to prevent any further modification, and turned the computer on again. Then, the LiveDisc stalled with an error complaining that the "casper-rw" disk is not writable. Thus, the "casper-rw" disk must be always writable.

Once the initial modification/customization is saved to a secondary disk, I want the LiveDisc to use this secondary disk for only reading the frozen modification/customization, and hence I want any further writing addressed to LiveDisc to be redirected to the usual RAM disk instead of being redirected to the secondary disk. How can this be achieved? By tweaking boot parameters and/or casper parameters, can this be achieved?

The manpage of "casper" mentions "snapshot", and there is a manpage titled "casper-snapshot". However, the descriptions of "snapshot" in these manpages are so short and curt that I do not understand what "snapshot" does in the context of "casper". Does this "snapshot" do what I am trying to achieve?

I know that one can create a new custom LiveDisc, as guided by "LiveCDCustomizationFromScratch" (https://help.ubuntu.com/community/LiveCDCustomizationFromScratch) and "LiveCDCustomization" (https://help.ubuntu.com/community/LiveCDCustomization). However, while my modification/customization on the settings is still experimental, I do not want to create a new custom LiveDisc, and I prefer to use a secondary disk.

Score:1

Custom LiveDisc

Your best choice is probably to create a new custom LiveDisc, but it is a lot of work to set up.

Workaround using a persistent live system

I will suggest a workaround here:

Setup

[Repeated] usage

  • At shutdown you should remove the content of the partition for persistence (if it is important to maintain security and privacy)

  • Boot into a live (live-only) session and extract the content from the tarball into the partition for persistence ...

  • and reboot, this time into the persistent live session with the desired properties.

C.S.Cameron:
I wonder if there is a way to automate restoring the Persistent partition every boot?
sudodus:
@C.S.Cameron, It would be fairly easy to extract the content from the tarball at boot via `crontab`, but more difficult to automate removing things at shutdown. Maybe the best method would be to make the user shut down via a custom script (which removes things and shuts down).
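
The restore step of the workaround above (wipe the partition for persistence, then re-extract the frozen tarball from a live-only session), as an added example that is not part of either poster's text. The function names, the `.sha256` sidecar file and all paths are assumptions, and the digest check before wiping is an addition to the described procedure.

```shell
#!/bin/sh
# Added example (not from the answers). Run as root from a live-only session
# with the persistence partition mounted; every path passed in is an assumption.

# freeze_state SRC_DIR TARBALL: archive the customized state and record its digest.
freeze_state() {
    src=$1; tarball=$2
    tar -C "$src" --numeric-owner -cpf "$tarball" . || return 1
    sha256sum "$tarball" | cut -d' ' -f1 > "$tarball.sha256"
}

# restore_frozen TARBALL TARGET_DIR: verify the tarball, wipe drift, re-extract.
restore_frozen() {
    tarball=$1; target=$2
    # Refuse obviously dangerous or missing targets before deleting anything.
    case "$target" in ''|/) echo "refusing target '$target'" >&2; return 2;; esac
    [ -d "$target" ] || { echo "no such directory: $target" >&2; return 2; }
    # Compare against the digest recorded at freeze time; abort on mismatch
    # so a damaged or altered baseline never replaces the current content.
    want=$(cat "$tarball.sha256") || return 3
    have=$(sha256sum "$tarball" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "tarball digest mismatch" >&2; return 3; }
    # Remove everything written since the freeze, then restore the baseline.
    find "$target" -mindepth 1 -delete || return 4
    tar -C "$target" --numeric-owner -xpf "$tarball"
}
```

Keep the tarball and its digest on write-protected media: a digest stored beside a writable tarball only detects accidental corruption, not deliberate replacement of both files.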
Score:1

How to make a persistent USB install read-only

It is possible to do what you want using a modified Guest User account.

  • Install lightdm:

      sudo apt-get install lightdm
    

The install process will ask to remove GDM.

  • At popup select lightdm as display manager.

For grub2 booters with persistent casper-rw partitions, such as mkusb:

Open casper-rw/upper/etc/lightdm/lightdm.conf and change allow-guest=true. Now there will be a Guest account.

For Syslinux booters with persistent casper-rw files such as UNetbootin and Rufus: First mount the casper-rw file:

    sudo mkdir /media/casper
    sudo mount -o loop casper-rw /media/casper/

Then edit casper/upper/etc/lightdm/lightdm.conf and change allow-guest=true. A guest account will be added to boot options.

Modifying the Guest Account

You may use an existing User Account, or create a new User Account, to use as a Live basis for customizing the Guest Session.

Make a directory for guest session, if one does not already exist:

    sudo mkdir /etc/guest-session

Create a symbolic link:

    sudo ln -s /home/{NAME} /etc/guest-session/skel

Where {NAME} is the name of the User Account you wish to use as a basis.

Any changes made to the user account will appear in the guest account.

Any changes to the guest account will be deleted at end of the session.

User {NAME} can be hidden at login:

  • To hide the user open /var/lib/AccountsService/users/{NAME}

  • Edit line to SystemAccount=true

See also Add Guest user to Persistent flash drive

Customize Guest Session

sudodus:
+1; This is a good idea. I have not tried it, but I rely on your experience :-)
C.S.Cameron:
I played with this method for a while and it makes a Live drive that is only modifiable by the Administrator. It is good for kiosks and such.