SoylentNews is people

posted by Fnord666 on Friday May 01 2020, @11:04AM
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Lennart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?



 
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by SemperOSS on Friday May 01 2020, @12:22PM (8 children)

    by SemperOSS (5072) on Friday May 01 2020, @12:22PM (#988891)

    So, let me get this right, you think that instead of complaining of a completely strange and unnecessary behaviour that does not make sense, people should fork the program and correct it themselves?

    That, unfortunately, is not a viable solution for most people … and not a good solution either. The problem with systemd is that Lennart Poettering does not listen to anyone but himself and that he does not care whether what he creates makes sense or not, whether it adds value or not. He wants it and most of the rest of the Linux world has to suffer!

    I still wonder how a person with such traits as LP's ever got so much power and why some people think he is such a genius?


    --
    I don't need a signature to draw attention to myself.
    Maybe I should add a sarcasm warning now and again?
  • (Score: 4, Insightful) by Grishnakh on Friday May 01 2020, @03:13PM (6 children)

    by Grishnakh (2831) on Friday May 01 2020, @03:13PM (#989001)

    So, let me get this right, you think that instead of complaining of a completely strange and unnecessary behaviour that does not make sense, people should fork the program and correct it themselves?

    Did you miss the bit about the Code of Conduct?

    Honestly, some people are really sarcasm-impaired; this should have been totally obvious from the AC's post.

    I still wonder how a person with such traits as LP's ever got so much power and why some people think he is such a genius?

    This is just human psychology. I've seen it many times. I can't quite explain it myself (if I could reliably predict it, I'd probably be very wealthy), but it seems that people love to latch onto certain outspoken people as "visionaries" or somesuch, and form cult followings around them. I saw this at a former workplace: half the employees seemed to have an almost cult-like following for the department head, and always spoke in glowing terms about him. It was really bizarre. The guy wasn't a bad guy or anything, but he wasn't any "visionary" or genius, he was just a guy in a suit. He wasn't even particularly inspiring when he did speeches at department meetings. I think a lot of it is confidence and putting yourself out there; lots of people like to be followers and look for someone to follow. It's how actual cults get started and go as far as they do, even sometimes to drinking Kool-aid.

    • (Score: 5, Interesting) by RS3 on Friday May 01 2020, @04:57PM (5 children)

      by RS3 (6367) on Friday May 01 2020, @04:57PM (#989041)

      Thank you, you beat me to it. I've been misunderstood when I thought the sarcasm was very obvious, so I now include /s or something for those who don't (understandably) get it.

      I don't mind things like systemd, if they're optional. But it really is taking over.

      I think the reason Poettering et al are rewarded is what has been my biggest gripe for 30+ years- non-technical people are making technical decisions that they have NO business making. Space Shuttle Challenger is a huge example I often refer to. Engineers said "don't launch, it will blow up", managers said "we're boss, launch". I had hoped the world would learn, yet the problem continues.

      Certain people have some kind of sales appeal that the MBA / manager-types like. It involves a certain amount of polished BS. If I was really smart, I'd have either changed careers, or learned the craft. But I'm so ethically opposed to BS that I can't do it.

      I've heard, several times, that when you present something to a boss, you have to carefully orchestrate and present the various options to pretty much steer the boss into the correct one. We tech-types are too open with info, and the bosses often just don't get it. Their huge egos make them act like they get it, and they have to be assertive to hold their boss position (and hide their ignorance). The few times I've done it I feel like I've done something dirty and unethical, and that I've played into and perpetuated a very broken system. A great recent example is Boeing 737 MAX killing machine. And from what I'm reading, they STILL don't get it. I wish I could see an answer...

      • (Score: 2) by Grishnakh on Friday May 01 2020, @06:47PM (3 children)

        by Grishnakh (2831) on Friday May 01 2020, @06:47PM (#989102)

        I think the reason Poettering et al are rewarded is what has been my biggest gripe for 30+ years- non-technical people are making technical decisions that they have NO business making.

        I don't follow here. Poettering *is* a technical person. You may not agree with his technical direction, but he's not some dumb manager who doesn't know how to write code, he's the principal programmer for systemd. There are a fair number of technical people who cross over into leadership roles, with differing levels of success.

        A great recent example is Boeing 737 MAX killing machine. And from what I'm reading, they STILL don't get it.

        True, but even here, the disgraced CEO, Dennis Muilenburg, was himself an engineer before he rose to the executive ranks. The new guy who's trying to hunt down employees who've complained by email, however, is not.

        • (Score: 2) by RS3 on Friday May 01 2020, @07:57PM (2 children)

          by RS3 (6367) on Friday May 01 2020, @07:57PM (#989156)

          Is Poettering RedHat CEO? CFO? Point is, there are layers of management above him that approved systemd becoming integral to RedHat Linux. My complaint: they did not make it optional.

          If you don't understand corporate management, the "Dilbert Principle", and others, that's okay.

          That Muilenburg became CEO doesn't mean he was ever a good engineer. Perhaps he was and is a good engineer, but had no idea what was going on with MCAS. I fault FAA as much or more BTW. FAA trusted Boeing. Lazy indifference. Proof: 2nd plane killed months later. And there were many many reports of huge problems with 737 MAX (MCAS at work). Broken system.

          You can be a good manager and not be technical. But don't overrule your technical staff when they raise a red flag. It's bad for morale. So is the resulting death.

          • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @02:05AM

            by Anonymous Coward on Saturday May 02 2020, @02:05AM (#989296)

            The non-technical directors are used only in cases where the corporation has switched from selling a good or service to focusing on playing the stock market and other investments. Take Nokia as an example. They have been getting out of the hardware business since Microsoft's Elop delivered the fatal blow. They have some networking left, but that won't be around another decade with the new non-technical CEO unless they really make a credible move to show they are serious about it. Other companies do the same thing once they get large enough these days.

            They bring in a non-technical CEO who brings in lays off the non-technical staff and quickly displace and lay off the technical staff. The appearance of making or selling something is kept but just the appearance. Behind that facade they buy and sell stock, funds or portfolios.

          • (Score: 2) by janrinok on Saturday May 02 2020, @08:08AM

            by janrinok (52) Subscriber Badge on Saturday May 02 2020, @08:08AM (#989380) Journal

            Yes they did - it is optional, at the user's discretion.

      • (Score: 1, Insightful) by Anonymous Coward on Friday May 01 2020, @06:59PM

        by Anonymous Coward on Friday May 01 2020, @06:59PM (#989108)

        I think the reason Poettering et al are rewarded is what has been my biggest gripe for 30+ years- non-technical people are making technical decisions that they have NO business making.

        Poettering and friends are arrogant, not incompetent. They understand "fundamental OS design principles" but fail to grok unix or the mysterious text-based world we were initiated into where every command had its own hidden lore to be passed down through the generations.

        Space Shuttle Challenger is a huge example I often refer to. Engineers said "don't launch, it will blow up", managers said "we're boss, launch". I had hoped the world would learn, yet the problem continues.

        I've recently been drawing parallels with this event in the context of a committee from a well known world organization that has repeatedly made the wrong calls. No authority without responsibility, these two immutably linked concepts give rise to accountability. If an engineer or medical doctor makes a wrong call, it's malpractice. Political appointees cannot have authority if they are not responsible and if they are not held to account they had no authority - those who appointed them must be held accountable. The rot is setting in with the "every child gets a prize" mindset that millennials bring to the table, no concept of losing having taken responsibility and failed.

  • (Score: 2) by meustrus on Friday May 01 2020, @07:50PM

    by meustrus (4961) on Friday May 01 2020, @07:50PM (#989150)

    Fully acknowledging GP was being snarky...

    If forking the program and correcting it yourself is not viable, then free software is broken. We need to be capable of fixing problems without consulting the Grand Vizier, and sometimes that's only possible with a fork.

    Hell, the idea that we have different Linux "distributions" to begin with is only possible because of forking. Maybe systemd breaks the premise of that system.

    Or maybe we should give up on the idea of the One True Userspace Compatibility and truly fork the OS.

    I say this fully knowing that I still haven't tried BSD, that I'm becoming more invested in Linux because of Docker. But at least as long as I do stuff in Docker, I don't have to worry about system initialization anyway. Software is so much easier on commodity servers.

    --
    If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?