On 29 Mar 2017 14:42 +0100, from waqark3389temp@xxxxxxxxx (Waqar Khan): > My first question is, if something like header corruption/ passphrase > forgotten, would I be able to restore from my USB on to the LUKS > partition and continue using /home as it was? What if I have unmounted > it or rebooted the machine. Using the header backup requires knowledge of a passphrase that was current at the time when the header backup was taken. > Lastly, a few people have access to this machine (through the same > passphrase), some work colleagues, how can I protect against one > disgruntled member leaving the company and changing the passphrase > (then unmounting the volume for good measure) and not telling anyone? I would argue that the answer to this is similar to if LUKS wasn't involved at all. How are you already handling a disgruntled employee leaving and, as their parting gift, using `at` to schedule something like `rm -rf /home &>/dev/null` to be run as root, or pulling a few disks out of the rack and taking the disks with them as they leave? -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
