1.理解chroot
https://www.ibm.com/developerworks/cn/linux/l-cn-chroot/
2.设置从库只读(包含super用户)
https://blog.51cto.com/jim123/1962072