SoylentNews is people

posted by Fnord666 on Friday May 01 2020, @11:04AM
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Lennart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?
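The summary above describes a per-user JSON record whose username, group membership and password hash are covered by a cryptographic signature. The following Go program is an added example, not systemd's code: it models such a record with its own constructed field names, signs the canonical JSON with Ed25519, and shows that a record edited after signing (an extra group, a changed UID or hash) no longer verifies, which is the property that makes the record trustworthy at login.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"sort"
)

// UserRecord is a constructed, simplified stand-in for the signed JSON user
// record the article describes; the field names are this example's own.
type UserRecord struct {
	UserName     string   `json:"userName"`
	UID          int      `json:"uid"`
	MemberOf     []string `json:"memberOf"`
	PasswordHash string   `json:"passwordHash"`
	Storage      string   `json:"storage"` // "luks" for an encrypted home container
}

// SignedRecord bundles the record with a base64 Ed25519 signature over its canonical encoding.
type SignedRecord struct {
	Record    UserRecord `json:"record"`
	Signature string     `json:"signature"`
}

// canonicalBytes gives a deterministic encoding: groups are sorted so that
// reordering them is not a change; encoding/json emits struct fields in order.
func canonicalBytes(r UserRecord) ([]byte, error) {
	r.MemberOf = append([]string(nil), r.MemberOf...) // sort a copy, not the caller's slice
	sort.Strings(r.MemberOf)
	return json.Marshal(r)
}

// SignRecord signs the canonical form with the host's record-signing key.
func SignRecord(priv ed25519.PrivateKey, r UserRecord) (SignedRecord, error) {
	msg, err := canonicalBytes(r)
	if err != nil {
		return SignedRecord{}, err
	}
	sig := ed25519.Sign(priv, msg)
	return SignedRecord{Record: r, Signature: base64.StdEncoding.EncodeToString(sig)}, nil
}

// VerifyRecord checks a stored record against the trusted public key. A UID, group
// or hash edited after signing, or a record signed with another key, fails here.
func VerifyRecord(pub ed25519.PublicKey, sr SignedRecord) bool {
	msg, err := canonicalBytes(sr.Record)
	if err != nil {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(sr.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sr, _ := SignRecord(priv, UserRecord{UserName: "alice", UID: 1000,
		MemberOf: []string{"users"}, PasswordHash: "$6$constructed$notarealhash", Storage: "luks"})
	stored, _ := json.Marshal(sr) // the document that would sit on disk
	var loaded SignedRecord
	_ = json.Unmarshal(stored, &loaded)
	fmt.Println("stored record verifies:", VerifyRecord(pub, loaded))
	loaded.Record.MemberOf = append(loaded.Record.MemberOf, "wheel") // local tampering
	fmt.Println("after adding wheel group:", VerifyRecord(pub, loaded))
}
```

The real systemd-homed record format and signing key layout differ from this model; the example only demonstrates why a signature over the whole record defeats local edits to group membership or password hashes.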


  • (Score: 5, Insightful) by gtomorrow on Friday May 01 2020, @11:59AM (27 children)

    by gtomorrow (2230) on Friday May 01 2020, @11:59AM (#988877)

    Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient.

    Says who?

    I just recently commented in another article saying how systemd leaves me neither hot nor cold. Not anymore. I guess the new rule is "keep fucking with Linux until even the systemd supporters can't defend it." Keep encroaching on user territory until it's Windows...or Android.

  • (Score: 0) by Anonymous Coward on Friday May 01 2020, @12:02PM (4 children)

    by Anonymous Coward on Friday May 01 2020, @12:02PM (#988880)

    https://en.wikipedia.org/wiki/Google_Fuchsia [wikipedia.org]

    Use a superior kernel.

    • (Score: 2) by gtomorrow on Friday May 01 2020, @05:46PM (3 children)

      by gtomorrow (2230) on Friday May 01 2020, @05:46PM (#989073)

      I'm sorry, anonymous idiot. Maybe you didn't get the gist of my message.

      After I'm saying that I was systemd "agnostic" and now systemd wants to control my /home directory (which I just can't justify), why would you suggest my looking straight into the Heart of Darkness? Spite? Is it because you're an idiot? Or are you saying, "you think systemd has its nose in your bidness? Look at what the masters have been cooking up! They can see up your neighbor's ass from looking up yours!"

      • (Score: 2) by janrinok on Saturday May 02 2020, @07:15AM (2 children)

        by janrinok (52) Subscriber Badge on Saturday May 02 2020, @07:15AM (#989367) Journal

        The homed is at the user's discretion. If you want to keep your home directory as it is now - and retain SSH access - then you can.

        • (Score: 4, Insightful) by gtomorrow on Saturday May 02 2020, @07:55AM

          by gtomorrow (2230) on Saturday May 02 2020, @07:55AM (#989377)

          Dear janrinok, as someone in this record-breaking comment-fest has already said...

          For now.

          History regarding similar moves (in not only computing) has borne this hypothesis out.

        • (Score: 1, Insightful) by Anonymous Coward on Saturday May 02 2020, @02:39PM

          by Anonymous Coward on Saturday May 02 2020, @02:39PM (#989483)

          That sounds like what Firefox and Chrome say about their shitty changes to the browser UI.

          For now..

          Or is this just another variant of 'pray I don't alter it any further'?

  • (Score: 5, Insightful) by JoeMerchant on Friday May 01 2020, @12:47PM (3 children)

    by JoeMerchant (3937) on Friday May 01 2020, @12:47PM (#988902)

    Fuck Android. I mean, really. Every time I look at it and think: "gotta get me into this ecosystem, so much potential in the hardware" I just get mired in their special ways of doing everything - and that's O.K., until those special ways get revised every year into other special ways no longer compatible with the last 3 special ways you had to implement just to port a simple app from the desktop into the handheld.

    I thought MS DOS/Windows was a treadmill, but Android is a fucking hamster wheel hooked up to a jet turbine.

    --
    🌻🌻 [google.com]
    • (Score: 2) by takyon on Friday May 01 2020, @12:55PM (1 child)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Friday May 01 2020, @12:55PM (#988909) Journal

      It looks like it's slowing down.

      https://en.wikipedia.org/wiki/Android_11 [wikipedia.org]

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 4, Informative) by JoeMerchant on Friday May 01 2020, @01:10PM

        by JoeMerchant (3937) on Friday May 01 2020, @01:10PM (#988922)

        Don't let the 11 fool you, it's the 18th version - at least.

        I bought a SIM card holding Android 8 based smartwatch thinking I'd use it to make a tracker app. Got as far as putting pins on maps that tracked me around, but got mired in trying to have it chirp the current location data out to an MQTT server. That was a year ago. Looked back at it again last week, and everything has literally changed again for 9 since I last touched it.

        --
        🌻🌻 [google.com]
    • (Score: 4, Insightful) by Anonymous Coward on Friday May 01 2020, @12:58PM

      by Anonymous Coward on Friday May 01 2020, @12:58PM (#988911)

      This.

      Stop moving everything. Firefox is egregious at this too - the entire knowledge base of about config hacks, add-ons and userChrome.css gets erased every 2 years. For what? Nothing. Some new menu is even smaller and harder to launch than previously.

  • (Score: 4, Insightful) by rigrig on Friday May 01 2020, @01:13PM (17 children)

    by rigrig (5129) Subscriber Badge <soylentnews@tubul.net> on Friday May 01 2020, @01:13PM (#988924) Homepage

    I guess the new rule is "keep fucking with Linux until even the systemd supporters can't defend it."

    I always figured it was "keep complicating Linux until everybody needs a Red Hat support contract to use it"

    --
    No one remembers the singer.
    • (Score: 0, Troll) by Anonymous Coward on Friday May 01 2020, @04:14PM (16 children)

      by Anonymous Coward on Friday May 01 2020, @04:14PM (#989018)

      I've posted this elsewhere and I'll repeat it - I work with a team of sysadmins that were running fleets of Linux servers before systemd. The switch to systemd was painless, and we use CentOS. No support contracts, and no headaches related to the init system.

      The systemd learning curve is less than two days, really, and the man pages are really good if you forget something.

      Holy hell, if 3% of the energy put into systemd bashing was put into non-systemd Linux distributions, Gentoo or Void or whatever would have conquered the fucking world by now.

      • (Score: 2) by gtomorrow on Friday May 01 2020, @05:40PM (10 children)

        by gtomorrow (2230) on Friday May 01 2020, @05:40PM (#989066)

        Hey, anonymous coward sysadmin! Defend this encroachment on /home. Where's the (better-be-enormous) benefit?

        • (Score: 0) by Anonymous Coward on Friday May 01 2020, @06:44PM (8 children)

          by Anonymous Coward on Friday May 01 2020, @06:44PM (#989098)

          different anon here. i don't give a shit about this "encroachment". i use systemd for almost everything and i like it too. use a non-systemd distro if you don't like it.

          • (Score: 2) by gtomorrow on Friday May 01 2020, @09:31PM (7 children)

            by gtomorrow (2230) on Friday May 01 2020, @09:31PM (#989207)

            Hey, anon coward. Thanks for taking the time out of your busy day to enlighten us all on the subject at hand.

            Oh, wait...you didn't.

            • (Score: 2) by janrinok on Saturday May 02 2020, @07:22AM (6 children)

              by janrinok (52) Subscriber Badge on Saturday May 02 2020, @07:22AM (#989368) Journal

              Well you might not like people disagreeing with you, but not everybody has a problem adapting to systemd, and some people actually like it. I assume that you don't use a systemd distro? So what is your problem with other people using it?

              This is an OPTIONAL facility that will only affect those using systemd and who chose to activate it. By all means criticise it from a technological point of view but you shouldn't expect everyone to have your opinion too. Just because it is TWO different ACs making their views known doesn't devalue their opinion - or have you missed all the efforts that we have taken to make this place AC-Friendly?

              • (Score: 5, Insightful) by gtomorrow on Saturday May 02 2020, @08:47AM (5 children)

                by gtomorrow (2230) on Saturday May 02 2020, @08:47AM (#989386)

                Do you have a problem with me? Did you not read my comments regarding my personal opinion on systemd or are you getting up the sphincter of anybody that doesn't agree with you (me just being a lucky target)?

                Regarding the two poor little Anonymous COWARDS, they were replying to me and not you. I asked two different and simple questions. One genius points me to the Heart of Darkness and the other responds, "works for me, you stink na na na-naaa na." I'll respond accordingly, thank you. Anonymous-Coward-friendly my hairy ass. Gee, I hope they're all right, poor things.

                A largesse for your non-existent short-term memory and to avoid any confusion in the future, I'll repeat and even elaborate:

                I don't (actually now, didn't) care one way or another regarding systemd (Ubuntu user since...8.04?). It, up until now, didn't affect my computers, my output or my wonderful life. I had no skin in the game beyond having to learn a few new commands and un-learning others. I'm pretty adaptable in regards.

                I stood aside listening as the eggheads here (and elsewhere) debated and disputed the benefits and improvements of this no-longer-new init system, the admittedly strange inclusion (read: "surrender") to it by most of the distros, and this self-appointed (benevolent?) "dictator"'s method of handling the "community" of users and programmers that were in no way a minor part of making Linux as an operating system what it is today (my take: "my way or the highway.").

                Now I, mere Ubuntu (systemd) end-user, learn that systemd wants control, yes, control of my /home folder and it wants it today, with the distinct possibility that things will go pear-shaped if using an encrypted /home folder (which, look at that, I do!), with even its creator saying it's not working as advertised and so magnanimously making it an "option"...for now. And you're advocating this?!

                There are reasons I use Linux, one being a modicum of privacy not afforded by the commercial OSes available. If Linux, for whatever conspiratorial reasons that can be named, is ultimately being groomed to become Windows with its arcane registry, security nightmares, constant user spying and whatever other joys that come with being Windows, I have a more-than-slight problem with that, sir. Linux used to be an island away from that nonsense. I don't need some script-kid to open my DVD-drive via HTTP.

                And you're fine with all this? Wait...don't answer that. I don't think I want to hear from you again for at least today and at least regarding this article as you have shown your true colors proudly. This is a big, big virtual forum...go sit somewhere else.

                • (Score: 2) by janrinok on Saturday May 02 2020, @12:43PM (3 children)

                  by janrinok (52) Subscriber Badge on Saturday May 02 2020, @12:43PM (#989437) Journal

                  You seem to have taken offence to something in the comment that I made - I can assure you that no offence was intended and I apologise if my comment has been misconstrued. You have made comments elsewhere that have positively contributed to the discussion and I was merely surprised.

                  As for my 'true colours', I can only point out the claimed advantages [linuxreviews.org] including enhanced security of a user's data:

                  Encrypted folders are not new, most Linux distributions have had support for full disk encryption using LUKS for quite some time. It works. It's fine. But it does have some slight problems. Full disk encryption means that the encryption password, the only important password when it comes to protecting your data, has to be known by everyone who is using a computer on a regular basis. Encrypting each user's home directory with a personal key is a fundamentally far better and more logical approach.

                  Suspending computers to RAM is also an issue when full disk encryption is used since the encryption keys are kept in RAM while the machine is sleeping. Suspending to disk (hibernating) instead of RAM does solve that one. Most do not use that solution either because both suspending and restoring the system takes longer or because they are unaware that cold-boot attacks are a very real threat to cryptographic security. systemd-homed solves the suspend to RAM case by unmounting home directories before the machine suspends to RAM.

                  The ability to easily move home directories around is another clear advantage. This is not just handy if you want your /home/you on a USB stick, it is also very handy when you buy a new computer.

                  There's also support for remote CIFS mounted directories built right into systemd-homed. Those who administer a large number of computers within an organization will likely find those aspects of it to be very appealing.

                  As someone who does encrypt all of his data the security benefits are of interest to me but, of course, these may not be of interest to everybody. And the use of homed is entirely optional by using 'systemctl mask homed' which prevents it from ever being started even if another service depends upon it.

                  Again, I apologise if I have inadvertently caused you any offence.

                  • (Score: 2) by gtomorrow on Saturday May 02 2020, @01:26PM (2 children)

                    by gtomorrow (2230) on Saturday May 02 2020, @01:26PM (#989448)

                    1...2...3...4...5...6...7..8...9...

                    This is a big, big virtual forum...go sit somewhere else.

                    ...and yet, here you are again. Non-comment-reading-yet-still-replying, thread-losing, obtuse janrinok. The same janrinok to whom I explained in my last reply that my /home folder is encrypted, hence my concern about homed.

                    I'm no more "offended" by you than by anyone else who butts into my conversation with someone else and then has the nerve to reprimand me. I think "annoyed" is more the word. Thanks for nothing for your "I feel I have to apologize but I'm not sure why" apology. You could have saved yourself the trouble by just not responding.

                    Don't go away mad...

                    • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @01:55PM

                      by Anonymous Coward on Saturday May 02 2020, @01:55PM (#989459)

                      lol we can tell who is mad in this thread. But I don't blame you for raging, I blame Poettering.

                    • (Score: 2) by janrinok on Saturday May 02 2020, @02:05PM

                      by janrinok (52) Subscriber Badge on Saturday May 02 2020, @02:05PM (#989466) Journal

                      I won't.

                • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @07:03PM

                  by Anonymous Coward on Saturday May 02 2020, @07:03PM (#989557)

                  You think if you post your name all over the internet like a good little slave you're going to get to sit closer to the master at the dinner table? You're the fucking coward who doesn't have the guts to stand up for your own privacy. You probably send your own kids to be raised by the state and fund the IRS too. You probably suck up to pigs too.

        • (Score: 2) by fido_dogstoyevsky on Friday May 01 2020, @11:25PM

          by fido_dogstoyevsky (131) <axehandleNO@SPAMgmail.com> on Friday May 01 2020, @11:25PM (#989256)

          ...Defend this encroachment on /home. Where's the (better-be-enormous) benefit?

          It increases systemd's reach.

          --
          It's NOT a conspiracy... it's a plot.
      • (Score: 2, Informative) by Anonymous Coward on Friday May 01 2020, @07:04PM (1 child)

        by Anonymous Coward on Friday May 01 2020, @07:04PM (#989113)

        How nice for you. My experience with SystemD has been very different. Ever since the switch to it, I run in to all sorts of problems that never happened before, and yes, they're all SystemD's fault. Networking issues are a surprisingly large amount of them, including systems not shutting down because they get in odd SystemD loops that never finish. More recently, I had a box that suddenly decided it was going to go into suspend mode after being up for about 5 minutes, and kept doing it. Logs show that SystemD is triggering this, but not why it's doing so. Such fun to troubleshoot this shit remotely.

        Lots of the push-back to SystemD is because they want to rework everything else the way they want it to happen, instead of how it's been done in the past. They've very much ignored the unix philosophy, and it keeps getting worse. I've already switched to Devuan wherever possible, but since we have to support clients that use RHEL and Ubuntu and the like, I can't get away from the festering bowl of dog snot that is SystemD.

        Oh, and the problem isn't learning new things. The problem is that the new things aren't working. And letting all this be designed by Poettering, who could system architect his way out of a wet paper bag, just makes it look like a bid for service revenue.

        • (Score: 2, Insightful) by Anonymous Coward on Friday May 01 2020, @08:12PM

          by Anonymous Coward on Friday May 01 2020, @08:12PM (#989167)

          The problem with systemd is similar to the problem with pulseaudio and other replacements to older systems. They make it easier to do the common situations, or at least the developer's vision of "common." But the tradeoff is that once you get out of those situations, things become harder. If your experience doesn't match up with what the developer sees as common, good luck to you.

      • (Score: 2) by sjames on Sunday May 03 2020, @06:39PM (2 children)

        by sjames (2882) on Sunday May 03 2020, @06:39PM (#989863) Journal

        On the other hand, I've found that VMs that used to just work every time now occasionally just decide to go into the emergency shell when they're rebooted. There's never actually anything wrong, just systemd deciding it didn't feel like it.

        Unfortunately, it's practically impossible to track down since there are literally hundreds of interlocking config files using broken COMEFROM logic and no understanding of the imperative. No, upping the network interface is NOT optional on a remote server. No, mounting the specified file systems is not optional. Starting Apache on the web server wasn't a suggestion.

        If you actually want to have networking, it's best to kill NetworkManager dead.

        Now, in your scenario, what functionality was GAINED? That is, what can you do now that you couldn't do before?

        • (Score: 2) by The Mighty Buzzard on Monday May 04 2020, @12:28PM

          Cuss more skillfully.

          --
          My rights don't end where your fear begins.
        • (Score: 1) by DECbot on Monday May 04 2020, @08:19PM

          by DECbot (832) on Monday May 04 2020, @08:19PM (#990412) Journal

          Now, in your scenario, what functionality was GAINED? That is, what can you do now that you couldn't do before?

          You now have a legitimate reason for why you have no fucking clue what caused the VM to break. And now you can blame that on systemd and wait for RH to develop a fix--wait, not-a-bug.

          --
          cats~$ sudo chown -R us /home/base