First of all, I installed Manjaro yesterday, I did all the asked updates with pamac, I updated the Kernel version from 5.9.16-1 to 5.10.7-3 and I’m kind of a newbie with Linux.
This morning I tried to launch my laptop which has only Manjaro installed in it but the launch was stuck before the kernel init. I had the Asus logo showing indefinitely. I think it was due to the Kernel update. I searched for a solution on the internet and found one.
Below are some of the manipulations I did :
Boot with a bootable key (I took the usbKey I used in order to install Manjaro)
Open a terminal as super user
Mount the real installed manjaro partition with the command mount /dev/sdaX /mnt
Some other commands after that, but it’s not the subject.
So basically I just had all access to my real /home/* from a bootable key which means everyone with this process can access to my files.
Is it normal ? Is it a security issue ? would I had encrypted my partition to avoid that ?
I’m glad that I could solve my problem with these workaround but still, I don’t feel like it’s normal …
Yes, it is. The only way around that would be to encrypt your /home ─ provided that it’s on a separate filesystem, or else you’ll have to encrypt the root filesystem as a whole.
There are tutorials on how to go about this, but if you’re new to GNU/Linux, then that’s a steep learning curve.
Look at it this way: everyone with physical access to your machine is essentially a potential security hazard. They can open up your machine and take the drive with them, and have it decrypted somewhere ─ at least, in theory.
It comes down to accessing data stocked on a drive / partition.
Manjaro as an OS can provide restrictions to access / execution to files based on file permissions. But this can only apply when access is done through Manjaro.
Any drive / partition can theoretically be accessed from any system, you only need to boot from another system or move the drive to that computer.
The only way to prevent unauthorized access to data is through encryption.
Note that an encrypted drive / partition can be accessed from any system as long as you have the key. Once a drive is decrypted, the same permission logic as above applies.
I don’t feel to touch much my configuration until I know better about Linux, it’s too easy to destroy a Linux this way without good knowledges.
It’s for personal use at home so as you said, it would be the same if someone would take my disk away !
I have a few docs that i keep in 7z files password protected with ark.
Bit of a mid way between full encryption and open to all and is enough for some privacy on this home pc but probably not enough to stop a determined burglar etc (at which point i have bigger issues).