Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday May 01 2020, @11:04AM   Printer-friendly
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Leannart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday May 01 2020, @01:01PM (5 children)

    by Anonymous Coward on Friday May 01 2020, @01:01PM (#988913)

    Bbut... where do you put Pictures? And Videos? And Templates? That recreate if you delete them. It doesn't make any sense?!

  • (Score: 4, Informative) by Arik on Friday May 01 2020, @01:39PM (1 child)

    by Arik (4543) on Friday May 01 2020, @01:39PM (#988941) Journal
    "That recreate if you delete them. It doesn't make any sense?!"

    When this happens;

    1. Figure out which program is doing it.
    2. Check if this is a configuration option.
    3. a. If it is, fix the config.
       b. If it is not, remove the program.
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 2) by meustrus on Friday May 01 2020, @07:35PM

      by meustrus (4961) on Friday May 01 2020, @07:35PM (#989138)

      Naw, if something keeps messing with your files, it's too late. They've been found. If you didn't tell the software where those files are, they were discovered by some "convention".

      If your software does something you don't like, don't fight it. Let it do its thing. Move your stuff somewhere safe. Like GP suggests.

      /home has been pwned since it was first invented. Any files that software messes with belong to the machine now. Keep your stuff somewhere safe.

      Heck, the homed idea would actually be pretty slick if it didn't involve breaking the world and asserting control. Auto-mount an encrypted drive that belongs to the user at login? Awesome! Just don't touch anything inside it.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
  • (Score: 0) by Anonymous Coward on Friday May 01 2020, @11:28PM (1 child)

    by Anonymous Coward on Friday May 01 2020, @11:28PM (#989258)

    A lot of programs will place their files wherever you tell them your $HOME is. You can alias the cd command, with no arguments, to cd /home/username , so that it appears to be working more or less as normal. I'm sure there are some programs out there that won't like it, but anything written correctly should function just fine and for anything that's important, you should be able to have the program place the files where you want them via symlinks or just changing the configuration.

    It's astonishing to me, how little knowledge and creativity people have about these things. This isn't Windows, or god forbid, OSX, you can change these things if you really want to.

    • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @12:08PM

      by Anonymous Coward on Saturday May 02 2020, @12:08PM (#989427)

      Not to give the pots too much credit, but he did co-author the XDG_ environment spec that enables you to further manipulate where .config .local .cache and such goes... if programs respect them.

  • (Score: 1) by drgibbon on Saturday May 02 2020, @08:26PM

    by drgibbon (74) on Saturday May 02 2020, @08:26PM (#989577) Journal

    You can define the locations of those in ~/.config/user-dirs.dirs

    E.g., XDG_VIDEOS_DIR="$HOME/media/videos"

    or whatever you like [archlinux.org].

    --
    Certified Soylent Fresh!