r00ty

Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.

There are dkms kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.

It’s for backup purposes mainly. A lot of cloud backup providers don’t store permissions.

So if I restore the data I can then restore the permissions after. So these are the folders I am backing up (with some exceptions in /var)

OK so it’s fairly simple. You need to install the acl package (or whatever equivalent package contains getfacl/setfacl. Then you can use that to dump the data from an entire structure into a file (I also then bzip that). Then I backup all installed packages to help with a restore too.

So the script looks like:

#!/bin/bash
cd /etc
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /home
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /root
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /var
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
/usr/bin/apt list --installed | /usr/bin/bzip2 -9 >/root/INSTALLED-PACKAGES.bz2
chmod 600 /root/INSTALLED-PACKAGES.bz2

To restore you change to the folder the backup was taken from, unbzip the file (or uncompress live via pipe) and use setfacl --restore=<file>

Yeah. Only on my phone right now but will get it and post here later/tomorrow.

I mean, too late for you now. But I have a script that backs up just the permissions and owners for a given folder hierarchy.

I use it because I backup to a cloud backup platform that doesn’t save them. So these files are backed up with the data so the files and permissions/owners can be restored in an emergency.

But you could of course also use the file to restore permissions after a user generated mistake too.

I did defederate from hexbear for a while a year or so ago. Just because at the time their users were generally just actively trolling for reactions in pretty much every community, and it just got too the point I defederated. I’ve since removed them from the defed list.

Generally I agree. But ML seems to have become a bit more clearly biased in their moderation. To me it’s not a reason to defed, but a reason to view the content they do allow in their hosted communities with that bias in mind.

I know the OP is using wifi calling as a solution. But since we’re talking voip providers.

I use voxbeam. But they’re wholesale, you need a fixed IP for incoming calls, their support are good. But they’re probably not going to want to help you with end-user type questions. They only support SIP. But, pricing is generally good and plenty of reasonably priced DID options.

That’s unusual. In the UK it’s generally only going to work if you’re in the UK. When I connect to my VPN (in my house, so residential IP), it’s hit and miss, the wifi calling icon will appear and disappear as it feels like. But otherwise it’s generally locked down.

In a professional sense my experience is that they’re more often the result of under-staffing and rigid, fixed release schedules.

The problem with rust, I always find is that when you’re from the previous coding generation like myself. Where I grew up on 8 bit machines with basic and assembly language that you could actually use moving into OO languages… I find that with rust, I’m always trying to shove a round block in a square hole.

When I look at other projects done originally in rust, I think they’re using a different design paradigm.

Not to say, what I make doesn’t work and isn’t still fast and mostly efficient (mostly…). But one example is, because I’m used to working with references and shoving them in different storage. Everything ends up surrounded by Rc<xxx> or Rc<RefCell<xxx>> and accessed with blah.as_ptr().borrow().x etc.

Nothing wrong with that, but the code (to me at least) feels messy in comparison to say C# which is where I do most of my day job work these days. But since I see often that things are done very different in rust projects I see online, I feel like to really get on with the language I need a design paradigm shift somewhere.

I do still persist with rust because I think it’s way more portable than other languages. By that I mean it will make executable files for linux and windows with the same code that really only needs the standard libraries installed on the machine. So when I think of writing a project I want to work on multi platforms, I’m generally looking at rust first these days.

I just realised this is programmerhumor. Sorry, not a very funny comment. Unless you’re a rust developer and laughing at my plight of trying to make rust work for me.