diff --git a/server.py b/server.py
index 89593c8..8599921 100755
--- a/server.py
+++ b/server.py
@@ -12,7 +12,7 @@ import datetime
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 
-from serverconfig import CRANSP_MAIL, DEST_MAIL, KEYS, ROLES, STORE
+from serverconfig import READONLY, CRANSP_MAIL, DEST_MAIL, KEYS, ROLES, STORE
 
 MYUID = pwd.getpwuid(os.getuid())[0]
 if MYUID == 'root':
@@ -153,11 +153,15 @@ def notification(subject,corps,fname,old):
     conn.sendmail(frommail,tomail,msg.as_string())
     conn.quit()
 
+WRITE_COMMANDS = ["putfile", "rmfile"]
+
 if __name__ == "__main__":
     argv = sys.argv[1:]
     if len(argv) not in [1, 2]:
         sys.exit(1)
     command = argv[0]
+    if READONLY and command in WRITE_COMMANDS:
+        raise IOError("Ce serveur est read-only.")
     filename = None
     try:
         filename = argv[1]
diff --git a/serverconfig.example.py b/serverconfig.example.py
index e24f837..fc9ebdb 100755
--- a/serverconfig.example.py
+++ b/serverconfig.example.py
@@ -10,6 +10,9 @@ Dans le futur, sera remplacé par une connexion ldap.
 STORE = '/root/cranspasswords/db/'
 """ Répertoire de stockage """
 
+READONLY = False
+""" Ce serveur est-il read-only (on ne peut pas y modifier les mots de passe) """
+
 CRANSP_MAIL = "cranspasswords <root@crans.org>"
 """ Expéditeur du mail de notification """