
Re: Two questions about LUKS in a file container



On 2020-09-12 09:10, rhkramer@gmail.com wrote:
> I'm thinking about putting my backup encrypted files in a LUKS filesystem within
> a file instead of on a dedicated partition (for a few reasons).
>
> I have two questions about that:
>
>     * if I don't have that LUKS filesystem "mounted" and open and I write to it,
> I assume (or hope) that nothing will get written and I will get a warning or
> error message of some sort?

AIUI "LUKS volumes" are "opened" and "closed", and "filesystems" are "mounted" and "unmounted".


If you issue a command that writes into a file containing a LUKS volume, open or closed, you will corrupt things:

https://lists.debian.org/debian-user/2020/08/msg00690.html


>     * doesn't exactly apply to this situation, but, on the other hand, if my
> "source" / original / non-backup LUKS system is in a file instead of on a
> dedicated partition, and I use commands (like rsync or such) to copy the
> unencrypted files not on the LUKS system, but I use options like the ones to
> stay on the current filesystem (--one-file-system), I assume (or hope) that the
> stuff in the encrypted partition will not get copied?

When using rsync(1) with the "--recursive" option, adding the "--one-file-system" option prevents rsync(1) from recursing into mount points under SRC.


For example, my workstations include the directory "/home/dpchrist/samba/dpchrist". It is the mount point for a share on the server "samba". The server data is backed up by one job. Workstation home directories are backed up by another job. The home directory backup jobs use the "--one-file-system" option, so that the server data is not backed up multiple times.


I would avoid issuing one rsync(1) command that includes both a LUKS/ filesystem image file and its mount point as SRC arguments or under SRC arguments. It might "work", but the results could be surprising.


David
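
The following pre-flight check is an added example, not part of the original message: it predicts which mount points under SRC an rsync run with "--recursive --one-file-system" would not descend into, and whether a LUKS container image file under SRC would still be copied as an ordinary (encrypted) file. The mount table is a constructed sample, and the names "vault" and "vault.img" are hypothetical.

```python
import os

# Constructed sample in /proc/self/mounts format (not taken from the post).
# "vault" and "vault.img" are hypothetical names for an opened LUKS container.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
//samba/dpchrist /home/dpchrist/samba/dpchrist cifs rw 0 0
/dev/mapper/vault /home/dpchrist/vault ext4 rw,relatime 0 0
"""

def unescape(field):
    # The kernel writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def is_under(path, parent):
    path, parent = os.path.normpath(path), os.path.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def mount_points(mounts_text):
    fields = (line.split() for line in mounts_text.splitlines())
    return [unescape(f[1]) for f in fields if len(f) >= 2]

def preflight(src, image, mounts_text):
    """Predict what `rsync --recursive --one-file-system SRC/ DEST` does.

    Returns (skipped, image_copied): mount points below SRC that rsync will
    not descend into, and whether the container image file is still copied
    as an ordinary file. Assumes every mount point is a different device;
    a bind mount of the same filesystem would not be skipped.
    """
    src = os.path.normpath(src)
    skipped = sorted(m for m in mount_points(mounts_text)
                     if m != src and is_under(m, src))
    image_copied = is_under(image, src) and not any(
        is_under(image, m) for m in skipped)
    return skipped, image_copied

if __name__ == "__main__":
    skipped, copied = preflight("/home/dpchrist", "/home/dpchrist/vault.img",
                                SAMPLE_MOUNTS)
    print("not descended into:", skipped)
    print("image file copied as ciphertext:", copied)
```

The image file lives on the same filesystem as SRC, so "--one-file-system" alone does not keep it out of the copy; only the mounted plaintext view is skipped.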

