[Nottingham] Read-only prefix command or command wrapper

Camilo Mesias camilo at mesias.co.uk
Wed Sep 24 22:05:54 UTC 2008


It's not very flexible, but I could imagine SELinux being used to set this up.

Or you could write a custom library, loaded by LD_PRELOAD to intercept
any 'open' system calls and make sure the flags don't allow writing.
This approach works well if there are specific types of writing that
you want to block, but it's harder to try and cover all possible
writes.
