On Sat, 27 Feb 2021 15:19:39 +0300 Semih Ozlem <semihozlemlinuxu...@gmail.com> wrote:
> Should I then be suspicious of a possible attack on the system in > case the system fails, if both debian and ubuntu are fairly stable? > The usb flash drives themselves are still functional in the sense > that I can view the files in them after plugging them in. I backed up > the data on them. But when I try to boot from 64 gb usb flash disks > (one with ubuntu 18 04 the other debian 10 point something installed > on them) the boot process does not complete and the login screen does > not appear. The two recovery modes (I guess those are the snapshots > no?) do not finish booting either. > There are parts of the system that aren't files, that you're not checking. Grub writes a bootloader to the MBR of a normal drive, but a USB stick may not have a partition structure, in which case the bootloader will be written to the start of the drive. If this gets damaged, you can use a low-level disc utility to copy it out and check it, but the easier way is to boot from a rescue USB stick, then try to chroot into the faulty OS and update grub from there, which will rewrite the bootloader. The recovery mode is grub itself plus a number of utilities and drivers. From here, you can generally find drives and partitions, mount partitions and edit files if you can see what's wrong. It sounds like the early booting part of grub is itself damaged in your case. And no, LVM snapshots are nothing to do with boot or recovery processes, they are a means of freezing the files of an installed operating system so that a proper backup can be made while still allowing the system to run. Changes to files are stored in a buffer area, and read from there, then when the backup is finished the snapshot can be closed and the file changes will be merged back to the real file locations. The system will obviously run more slowly while the snapshot is open, but that may be far better than shutting it down for an offline backup. If you try to make an online backup without using this method, some files will change during the backup, meaning that the set of files that are written to the backup may not be consistent enough to run properly as a complete system. Certainly database daemons must be stopped, as well as anything else outside the core OS that makes persistent changes to files (e.g. a mail server). Most changing files are temporary, so it is often possible to get away with an online backup without a snapshot, particularly if you only ever need to restore single files or directories. Cloning a full working OS is generally best done offline, unless you have LVM plus space for the buffer. -- Joe
