
On 23/04/2015 7:51 PM, Craig Sanders wrote:
On Thu, Apr 23, 2015 at 04:59:21AM +0000, Toby Corkindale wrote:
find -type f crypted -exec rewrite_file \{\} \; where rewrite_file does something like cp $FILE tmp_file rm $FILE mv tmp_file $FILE
if you're going to do something like this then use 'cp -a' to preserve file ownership, group, permissions, and timestamps.
Yes, but rsync would be better. I hate it when I see "cp" without at least "cp -p" ... ;-) Having a 3 way RAID-1 disk set would be the way to go, take one disk out of RAID and LUKS that disk, then add the LUKS volume back in as a RAID component, let it sync; when done do the same for each other mirror disk that you want to keep. Oh and if you are going to LUKS encrypt the root file system, then you'll need to consider other things. I use dropbear to enter pass phrases at boot time via ssh with "cryptsetup luksOpen ...." for each container and then LVM to provide all the required file systems (including root). A.