I have an existing LVM volume group with a 10 TB logical volume mounted as an ext4 system which is actively in use. **Is it safe to run the command lvconvert --type cache --cachepool storage/lvmcache-data storage/data while ext4 filesystem is already mounted on storage/data?** (The storage/lvmcache-data has been previously configured with lvconvert --type cache-pool --cachemode writeback --poolmetadata storage/lvmcache-metadata storage/lvmcache-data in case it makes a difference.) I would assume yes, it's safe to add cache on-the-fly to online volume with mounted filesystem, but I couldn't find documentation either way.

I’m trying to include the beginning of a disk block device (the GPT area) read-only in a device-mapper linear mapping. This block device also contains my root filesystem, as such the partition housing it would be in use concurrently with the mapping’s existence. This is so I can pass through parts (but not all of) the same disk to Windows 10 running under QEMU, for use in there. I don’t intend to ever have any sections of the disk read-write in parallel across kernels, but Windows’ partition as well as the ESP (not mounted in Linux) would be. To visualize (partition numbers given): So, the beginning of the disk as well as the partitions one and three I want passed through, maybe I’ll need the end of the disk as well. Write access should only be allowed to the partitions, not to the outer disk parts. I’ve learnt about device-mapper some years ago on another occassion and revisited its docs. Encouraged, I’ve gone on my merry way and constructed the mapping, starting from the beginning, whereby I’ve eventually hit the current roadblock: When attempting to create the mapper device, dmsetup passed on an EBUSY error. I suspect this to have happened because one of the disk block device’s sub-devices, the partition block device with my Linux installation, currently being in use. For troubleshooting purposes, I’ve recreated the situation on a RAM disk (Does brd count as a Linux Arcanum by now?), which (from what I recall) made operations fail in the same manner in which they had failed on the true disk:

#!/bin/sh #This will obviously need root, or maybe CAPs.
[ -b /dev/ram0 ] && exit 1
   #In this script, I rely on brd not being in use and /dev/ram0 being created.
modprobe brd rd_nr=1 rd_size=261120 max_part=2 && [ -b /dev/ram0 ] || exit 2
sgdisk -a=8 -n=0:0:+100M -t=0:ef00 -n=0 -t=0:8304 /dev/ram0
#There’s no filesystem necessary on p1 for demonstration purposes.
mkfs.ext4 -i 6144 -O ext_attr,flex_bg,inline_data,metadata_csum,sparse_super2 /dev/ram0p2
   #Just some example filesystem, taken from my shell history grab-bag.
mkdir /tmp/ExampleMountpoint || exit 3
mount /dev/ram0p2 /tmp/ExampleMountpoint || exit 4
dmsetup create --readonly Example1 --table '0 33 linear /dev/ram0 0' #Output:
#device-mapper: reload ioctl on Example1 (253:0) failed: Device or resource busy
#Command failed.
   #The exit code is 1, but the error message matches EBUSY.
   #To no surprise, adding -f doesn’t help.
umount /tmp/ExampleMountpoint
dmsetup create --readonly Example2 --table '0 33 linear /dev/ram0 0'
   #This one works, but I need it to work with the partition mounted.
ls -l /dev/mapper/Example2
dmsetup remove Example2
#rm /tmp/ExampleMountpoint

On another StackExchange question I’ve found when I started out—I’ve searched for it twenty days ago when I’ve asked on some Linux forum about this (in vain), then I’ve searched for it today again, I really haven’t been able to dig it up a second time—there was an answer that revealed that I could get around the EBUSY status by employing a loop device as an intermediary before the real disk device:

mount /dev/ram0p2 /tmp/ExampleMountpoint #Remount.
LoopDev=$(losetup --show -f /dev/ram0)
dmsetup create --readonly Example2 --table '0 68 linear /dev/loop0 0'
   #Side note: Less than 68s makes sgdisk err out instead of printing the table.
   #This might be a bug, it should, by my reckoning, go down do 1+32+32+1 or even just 33s.
sgdisk -Pp "$LoopDev" #This should print some warnings, then the partition table created above.
losetup -d "$LoopDev"
umount /tmp/ExampleMountpoint
rm /tmp/ExampleMountpoint

So, when redirecting the disk block device through a loop device, dmsetup will comply instead of erring out. Caring much about my data (though I do have pulled an image onto a separate disk) I now wonder, whether this is actually safe to do and give the expected results in the greater scheme of things. (Among them, preventing corruption of partition 4 and the GPI, as well as allowing write access to the partitions 1 and 3 through the VM.) Are there any, I don’t know, additional I/O alignment gotchas to watch out for?

I open two terminal windows. In one, I run:

$ read foo

I don't press RETURN, so read is blocking. In the other terminal window, I search for the process:

$ ps -ef | grep foo
user        95292   94814  0 08:04 pts/11   00:00:00 grep foo

However, the running read process is not showing up? What am I doing wrong?

I was surprised to see that Gnome 3 extensions are updated automatically by Debian. Hence, I am wondering: Which community procedures or practices make it difficult to inject harmful code in this way?

I would like to run a flatpak program offline through the terminal (flatpak spoty runs as sudo!). I am looking for a simple command like: "runoffline" flatpak run application. What would be the fastest/best/safest way to ensure, that programs do not connect to the internet?

Hopefully this question is not off-topic: I find myself constantly scping files from a remote server, and I want to keep a bash script in GitHub that invokes scp and brings files. Is it safe to let the world know the server and the path from which I copy files? I know nothing about security, but is the following situation possible? Imagine somebody modifies one of the dependencies of my project (another open source project I don't own). In a function I call from that project, a person hides something that ssh and removes the files in my path. Should I simply gitignore my bash script, or is it safe?

This is a very basic question, and surely has been asked before, but I am having trouble finding the answer or guidance. There are e.g. these but they don't quite hit the mark: - https://unix.stackexchange.com/questions/653796/how-to-safely-remove-all-files-including-hidden-files-from-current-directory - https://unix.stackexchange.com/questions/442346/safely-define-an-environment-variable Essentially I just want to remove a temporary directory tree as part of a bash script, like so rm -rf $my_path But I'm a bit paranoid that somewhere else in the script it could be possible for $my_path to expand out into / or something equally bad. For example if somewhere there is my_path=$var1/$var2 and both $var1 and $var2 end up defaulting to empty strings or some such. What is the best practice way to write this kind of command into a script to avoid accidental enormous problems?

Recently I've been having the issue that some rpm commands (e.g. # rpm --rebuilddb fail due to this error: error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied) It also seems this affects PackageKit as whenever I try to open GNOME Software's updates tab it says "Timeout was reached". To me, it seems like some rpm transaction was aborted while running and now the lock file is stuck there. I would just remove the file, but I'm not sure how to tell whether it's safe. [neboula@shock ~]$ file /var/lib/rpm/.rpm.lock /var/lib/rpm/.rpm.lock: empty [neboula@shock ~]$ pidof dnf [neboula@shock ~]$ pidof rpm This looks like it's safe, but I also have packagekitd (always) running, so I'm wondering: How can I safely remove this file given my circumstances?

I have a Raspberry Pi 4 (4GB) running Nextcloud on it. Because all my data and backups are saved on external USB drives I will encrypt them with a VeraCrypt container. Mounting and dismounting the container with VeraCrypt is working fine. I would like to mount my VeraCrypt container after booting. In my opinion there are two ways to do that: - Manually mount the Container after every boot via commandline and manually enter the container password, PIM, etc. - Automatically mount the container via script I would prefer the second solution but then I have to provide the password somehow. I could run the command veracrypt /media/backup/test.hc /media/backup/test/ --password=test --pim=20 -k "" --protect-hidden=no at startup but the password would be visible in the autostart file... (you could remove the sd card from the raspberry and just read out the password from the command above) So my question is: **Is there a reasonably safe way to automount my VeraCrypt container without making the decryption password visible and without manually typing the password?**

In Windows, there's an option to "safely remove hardware". Ignoring the fact that it almost always fails, and that most of the time I simply have to plug the device out, I get the initiative behind it (not completely though). So, when using Debian, when is it "safe" (i.e. not damaging to any party) to remove my external HDD? After it has been unmounted (Xfce seems to use the term "ejected" but I guess that's the same thing)? Or simply when there are no programs using the disk?

So I recently switched to Fedora Linux, and At least it eats 1.5 gigs of ram after I installed software, it ate 1.7, and I have a 4 gig system, so is it safe? I am referring to Memory

It's about a month that I see some unknown connections in nethogs and I tried to understand what program is responsible for them but I failed. 1. I'm not sure but it seems that my Internet connection becomes laggy or lost every time this connections appear 2. They only appear for a short time and as I notice them they are gone. 3. I'm from Iran. Every time these IPs show up, I can only open websites that are inside Iran (I mean the servers are in Iran) and I can't open any other website! That's really strange. Are these normal connections? If true, what are those for? If false what should I do? 192.168.1.2:53483-91.98.103.126:80 i was trying some of security tips.... i activated UFW and tried some tips from here: https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics (activated IP spoofing protection). Today the Internet problem happened again. I lost my access to non-Iranian servers/sites but the IPs didn't appeared in the NetHogs and the connection problem lasted for several minutes instead of seconds. I will update this post with more details(if any) hope you can understand the exact situation. Mint 17.1 Cinnamon -marked in red-: -marked in red-:

I am trying to see if I can find a user monitoring system for Linux. Technically I am looking for spyware that I can install on my system so when I let my little nephew use my laptop I know he isn't getting into trouble. I can find plenty for Windows but I can not seem to find any for Linux. I want to be able to get screen shots and get visited sites along with a keylogger. I googled this but there was almost nothing about spyware except the question about Canonical spying on people using Ubuntu with the metrics they collect. I am willing to look at something that has to be built from source if needed. I would prefer not to have to pay for anything either. I am also very new with posting to Stack Exchange, please let me know if I need to change anything in my post before hitting the -1 rep, thanks.

I installed elementary OS Juno on an old iMac 5,1. The Computer uses a 32bit EFI, which is not able to boot elementary OS Juno so I decided to follow Matt Gadients guide for a little workaround. You can find the workaround here: https://mattgadient.com/2016/07/11/linux-dvd-images-and-how-to-for-32-bit-efi-macs-late-2006-models/ I am wondering if this modified distro is still safe to use? Matt Gadient describes how to modify the isos with a little C program to make them bootable on an 32bit EFI Mac. I did not download the isos from that site, instead I just downloaded the c program from Matt's site, which you can find as a text here: https://dedicated.mattgadient.com/linux-mac-iso/isomacprog.c.txt I compiled the c programm with cc -g -Wall isomacprog.c -o isomacprog and modified the offical elementary OS Juno distro with it by doing something like ./isomacprog elementaryOSJuno.iso Bytw: the modified iso has the same MD5 checksum like the iso modified by Matt himself, so he definitley hasn't done anything else with the distros. I burned the iso to a DVD and installed it on the iMac. It is running just fine. Yet I haven't connected the computer to the internet since I am not sure if it is still safe to use. I don't know anything about c programing so I'd like to ask if this little c program does anything more than just making the distro bootable? Is it still safe to use this distro or contains it some kind of virus?

For mysterious reasons I still double boot sometimes into Windows. My problem is that I fear that information may leak because the RAM memory is accessible to Windows. (the Linux partitions are encrypted and the bootmedia is not inserted, though). Is there a way to setup (in a recent kernel and GNU/Linux based system) a way to have the kernel wipe the memory at shutdown? Also since LUKS plays an important role, does it wipe its memory at shutdown to avoid leakage and also "cold boot attack"?

I'm curious if anyone can help me with what the best way to protect potentially destructive command line options is for a linux command line application? To give a very hypothetical scenario: imagine a command line program that sets the maximum thermal setting for a processor before emergency power off. Lets further pretend that there are two main options, one of which is --max-temperature (in Celsius), which can be set to any integer between 30 & 50. There is also an override flag --melt which would disable the processor from shutting down via software regardless of how hot the processor got, until the system electrically/mechanically failed. Certainly such an option like --melt is dangerous, and could cause physical destruction at worst case. But again, lets pretend that this type of functionality is a requirement (albeit a strange one). The application has to run as root, but if there was a desire to help ensure the --melt option wasn't accidentally triggered by confused, or not experience users how would you do that? Certainly a very common anti-pattern (IMO) is to hide the option, so that --help or the man page doesn't reveal its existence, but that is security through obscurity and could have the unintended consequence of a user triggering it, but not being able to find out what it means. Another possibility is to change the flag to a command line argument that requires the user to pass --melt OVERRIDE, or some other token as a signifier that they REALLY mean to do this. Are there other mechanisms to accomplish the same goal?

I have a /var directory that sometimes gets too large for the partition it's on. It would be beneficial if I could mount this directory on a larger partition. I don't have physical access to this machine though. Only SSH and similar remote access. How can I remount /var **safely** on a machine that I don't have physical access to? The only solutions I know of involve boot discs or init 1, so the popular directory isn't accessed during the transition.

in my bash script, I have some very danger lines like : rm -r * if it is mis-run in some folder, it would be very disastrous.Basically, I would need to add an if condition to make this does not trigger unless I am a folder call blah_pew_blah, in that case the damage done is probably minimal... But how do I check it? Thank you.

Recently I've been doing some maintenance on a cloud-hosted server I run. My host is DreamHost, specifically their DreamCompute service and the server is running Debian 8.6. While cleaning up old files, I found a rather suspicious file located in / called EMPTY with a size of 3.3 GB. @ / % ls -alh total 3.3G drwxr-xr-x 22 root root 4.0K Sep 23 11:31 . drwxr-xr-x 22 root root 4.0K Sep 23 11:31 .. drwxrwxr-x 2 root root 4.0K Sep 23 11:20 bin drwxr-xr-x 3 root root 4.0K Sep 23 11:20 boot -rw-r--r-- 1 root root 30 Aug 24 08:30 config drwxr-xr-x 18 root root 3.0K Sep 23 11:31 dev -rw-r--r-- 1 root root 3.3G Mar 16 2016 EMPTY /boot/initrd.img-4.4.0-0.bpo.1-amd64 lrwxrwxrwx 1 root root 36 Mar 16 2016 initrd.img.old -> /boot/initrd.img-4.3.0-0.bpo.1-amd64 drwxr-xr-x 15 root root 4.0K Mar 16 2016 lib drwxr-xr-x 2 root root 4.0K Sep 23 11:20 lib64 drwx------ 2 root root 16K Mar 16 2016 lost+found drwxr-xr-x 3 root root 4.0K Mar 16 2016 media drwxr-xr-x 2 root root 4.0K Mar 16 2016 mnt drwxr-xr-x 6 root root 4.0K Jun 29 09:59 opt dr-xr-xr-x 157 root root 0 Sep 23 11:31 proc drwx------ 11 root root 4.0K Sep 23 21:18 root drwxr-xr-x 24 root root 820 Sep 24 06:25 run drwxr-xr-x 2 root root 4.0K Sep 23 11:20 sbin drwxr-xr-x 2 root root 4.0K Mar 16 2016 srv dr-xr-xr-x 13 root root 0 Sep 26 16:52 sys drwxrwxrwt 13 root root 4.0K Sep 26 16:51 tmp drwxr-xr-x 11 root root 4.0K Apr 16 09:38 usr drwxr-xr-x 12 root root 4.0K Jun 9 09:26 var lrwxrwxrwx 1 root root 32 Apr 11 13:37 vmlinuz -> boot/vmlinuz-4.4.0-0.bpo.1-amd64 lrwxrwxrwx 1 root root 32 Mar 16 2016 vmlinuz.old -> boot/vmlinuz-4.3.0-0.bpo.1-amd64 I attempted to use sed -n '/\S/ p' < EMPTY to check if the file really was empty of everything except whitespace and it didn't print any output. I then did sed '/\S/ p' < EMPTY && echo "$?" to make sure the command didn't crash part way through and it returned 0. I just want to confirm, though. Is this file safe to delete?

This is not a request for which distro (I intend to use arch + openbox as that's the setup I'm familiar with), but rather which tools can help me accomplish the following: I want to set up my sister's laptop so she can: 1. safely surf the web 2. watch movies / youtube 3. learn / practice 3.1 Languages 3.2 10 finger typing 4. listen to music and audiobooks The catch is that I have to 5. budget her time. She is only allowed 2h/day of 1)+2) 6. she should be able to "earn" more time via 3) or by doing sports/ going for a walk. There also should be a way to give her "vouchers" she can use to top up her time-budget. The time-budget should be split into two accounts: The daily(not used time is lost) and the earned (persistent but total amount that can be used per day should be limited) 7. The whole system has to be maintained remotely, as I no longer live at home and nobody else cares or has the skills. Research / Ideas so far: So for (1) I will go through these tools (user experiences would be appreciated): https://help.ubuntu.com/community/ParentalControls (2) VLC will do for DVD, but a "one-click" DVD ripper would be great so she does not have to carry a bunch of DVDs around (and its also quite noisy having the DVD in the drive) (3.1) I thought about installing a second browser which can be used for duolingo only. (3.2) I have no Idea which program is suitable to provide motivation and ease of use... (4) this should not take time from her budget. Easy mp3-ripping would be great. (5 + 6) That's the main question for me. I know there must be a way to log and limit program running time but that's totally out of my league right now. (7) Remote access using ssh or preferably a telegram-bot which is hard-coded to only communicate with me. For programming solutions lets assume I have basic knowledge of Java and I aspire to learn Python.