
posted by Fnord666 on Friday May 01 2020, @11:04AM
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Lennart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user's home directory will be a LUKS-encrypted container, with the encryption directly coupled to user login. Once systemd-homed detects that a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted again.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course, Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.
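The SSH caveat in the excerpt above can be caught by auditing the user record before a user is locked out, as an added example that is not code from the page or from the systemd project: it reads records in the JSON user-record format systemd-homed stores, assuming the field names `storage`, `sshAuthorizedKeys` and `signature` from that specification (the keys and the three records are constructed samples), and flags a LUKS-backed home whose record carries no SSH keys, since those are the only keys sshd could consult while ~/.ssh is still encrypted.

```python
import json

# Storage back-ends (names from the JSON User Records spec that systemd-homed
# uses) whose contents are unreadable until the user unlocks the home at login.
LOCKED_UNTIL_LOGIN = {"luks"}

# Constructed sample records, not real users; key material is a placeholder.
SAMPLE_RECORDS = [json.dumps(r) for r in [
    {"userName": "alice", "storage": "luks", "homeDirectory": "/home/alice",
     "sshAuthorizedKeys": ["ssh-ed25519 AAAA...CONSTRUCTED alice@laptop"],
     "signature": [{"data": "PLACEHOLDER", "key": "PLACEHOLDER"}]},
    {"userName": "bob", "storage": "luks", "homeDirectory": "/home/bob",
     "signature": [{"data": "PLACEHOLDER", "key": "PLACEHOLDER"}]},
    {"userName": "carol", "storage": "classic", "homeDirectory": "/home/carol"},
]]


def audit_record(record):
    """Return findings (strings) for one parsed user record; empty means OK."""
    name = record.get("userName", "<unnamed>")
    storage = record.get("storage", "classic")
    findings = []
    if storage in LOCKED_UNTIL_LOGIN and not record.get("sshAuthorizedKeys"):
        findings.append(
            f"{name}: storage={storage} but no sshAuthorizedKeys in the record; "
            "~/.ssh/authorized_keys sits inside the encrypted home, so sshd has "
            "no key to check until the home is unlocked")
    if storage in LOCKED_UNTIL_LOGIN and not record.get("signature"):
        findings.append(
            f"{name}: record has no signature section; homed signs records and "
            "verifies them before activating a home (this check only tests "
            "presence, verification is homed's job)")
    return findings


def audit_all(raw_records):
    """Parse raw JSON records; map user name -> findings for users with any."""
    report = {}
    for raw in raw_records:
        rec = json.loads(raw)
        findings = audit_record(rec)
        if findings:
            report[rec.get("userName", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for user, items in audit_all(SAMPLE_RECORDS).items():
        print("\n".join(items))
```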

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?


  • (Score: 3, Insightful) by Anonymous Coward on Friday May 01 2020, @11:58AM (#988876)

    It's called 'not in house syndrome' with a touch of 'we sell support so let's make this as difficult to use without it on purpose'.

  • (Score: 0) by Anonymous Coward on Friday May 01 2020, @12:54PM (#988907)

    I haven't dug into homectl yet, but everything else in systemd is trivially easy to learn. We run CentOS at work and we've never had to pay consultants. Most of our sysadmins have been Linux sysadmins since before systemd was created, and they all made the transition effortlessly. Thousands of servers, no problems related to the init system.

    I think your point stands in general. "We'll sell support so let's make this as difficult to use without it on purpose" seems to be the business model for Oracle databases, Enterprise Java Beans, Microsoft Group Policies, and lots of other so-called enterprise products. But regardless of the technical merits or flaws in systemd, you can learn everything you need to know about it in a day or two just from reading the public documentation or the man pages.

    • (Score: 0) by Anonymous Coward on Friday May 01 2020, @01:04PM (#988917)

      >you can relearn everything you already know about it in a day or two

      FTFY. Those days sure add up when it's happening to everything all the time.

    • (Score: 2) by janrinok (52) on Friday May 01 2020, @01:14PM (#988927)
      I agree with you, but you won't convince many people here. I switch my computers on and they all work. Stopping or starting tasks is simple and takes care of all of the child processes too with no issues. Creating new service scripts is dead easy and they all go in standardised places. I just get on with my work and don't even notice that it is there.
      • (Score: 2) by Arik (4543) on Friday May 01 2020, @01:45PM (#988945)
        "I switch my computers on and they all work. Stopping or starting tasks is simple and takes care of all of the child processes too with no issues. Creating new service scripts is dead easy and they all go in standardised places. I just get on with my work and don't even notice that it is there."

        This sounds deliberately short-sighted.

        /As long as it doesn't cause me any immediate difficulty, I'll just plod right on and not think about it./

        I'm sure that way of doing things never came back to bite anyone in the arse. </sarcasm>
        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 0) by Anonymous Coward on Friday May 01 2020, @04:16PM (#989021)

          Oh that's right. I'm going to get right on writing my own C compiler, and git implementation, shell, and text editor. Thank god you spoke up.

          • (Score: 0) by Anonymous Coward on Friday May 01 2020, @05:42PM (#989069)

            Those are horrible examples you bring up. Those programs have been written by teams of competent developers. They also have a history of fixing important issues that get raised because they don't see bugs being pointed out as an attack on their egos. I trust those programs to be handled in a competent manner.

      • (Score: 0) by Anonymous Coward on Monday May 04 2020, @06:34PM (#990370)

        Things were like this long before you were able to own a computer, but nice try, stupid shill.

    • (Score: 2) by Bot (3902) on Saturday May 02 2020, @10:50PM (#989622)

      And here we prove parallel universes do exist.

      --
      Account abandoned.