Wols Lists wrote: > On 19/03/2022 08:03, Dale wrote: >> Howdy, >> >> I been thinking. Yea, that's dangerous. lol If I logout of KDE, or >> have the screen locked, ctrl+alt=L key sequence, how secure is that if I >> have good passwords that are virtually impossible to crack? My login >> manager is sddm. As a example, if someone breaks into my home, is there >> a easy way to get past that? I recall the old windoze 98 days where a >> certain key sequence would bypass the password prompt. Is there a way >> known to crooks and such that can bypass or easily defeat passwords? >> > I'm not aware of any such shortcuts. There are always bugs, and design > flaws, and I believe there is such a design flaw in X such that it's > POSSIBLE to bypass a screen-lock. >
Well, I'm working on replacing this with xscreensaver. Sounds like it locks and means it. ;-) >> I'm aware that if a person boots up where no password is required, that >> will bypass, even as root if I recall correctly. I'm just looking for >> something that is even easier than that. >> > Actually, systemd is actively working on closing that hole ... I'm using openrc here. Hmmmm. > >> Also, if I have a encrypted hard drive open and mounted and then cut off >> power, doesn't that disable the decryption for the drive? In other >> words, I pull the plug and someone powers it back up, the drive is >> encrypted again and requires a password. > > Yes. If you even so much as SUSPEND your system, it's considered a > serious bug for the encryption key to be flushed to disk - it has to > be wiped - and with no key decryption is no longer possible. OK. If the system is shutdown or plug pulled, hard drive locks up and requires the password to decrypt. Sounds good. I was fairly sure it would since it no longer has the device node that is decrypted. >> >> Also, I'm planning to reorganize and encrypt some more stuff here. I >> want to remove one hard drive from my home thingy. Is it really as easy >> as pvmove /dev/sdx the device I want to remove? From my understanding I >> need to reduce the file system first. Is that correct? I'm often >> amazed at how easy some things can be done with LVM. >> > I think you mean pvREmove and, provided you have sufficient unused > space in your PV greater or equal to the size of the drive, yes it > really is that simple. Of course, if you have LESS free space, LVM > will be unable to move everything off sdx and you're going to lose data. > > If you're planning to re-organise by adding larger disks, check out > whether LVM has the equivalent of "mdadm --replace ...", where md-raid > will move stuff on a running system. > > Cheers, > Wol > > The guide I'm looking at shows pvmove. This is what I'm looking at: https://tldp.org/HOWTO/html_single/LVM-HOWTO/#RemoveADisk If it doesn't scroll to it, it's section 13.5 Removing old disk. It says: pvmove /dev/hdb That's for old IDE but I guess it is the same for sd* drives. Maybe I'm looking at the wrong section? Sounds pretty easy. It doesn't even mention reducing the file system there but it does in another section. So, I assume I'd need to reduce the file system first, run that command and the next section's command to remove the drive itself and that's it. I'm moving to encrypting some directories. To do that, I need a empty drive first to put encryption on. Then I can encrypt, move stuff that isn't encrypted then add drives back until everything that I want is encrypted. I'm assuming I can have one large logical volume that is encrypted across more than one drive. Right now, I have 3 drives for /home. I got space to remove one and then start encrypting and adding other drives to the encrypted stuff. I wish it was to where my user password could do this as I login/unlock screen etc. Thing is, I have things running that need to access the drives even when the screen is locked. I don't think what I want is even possible there. Dale :-) :-)
