Good News:
Linux home directory management is about to undergo major change:
With systemd 245 comes systemd-homed. Distributions and admins that adopt it get a new way to manage users and their home directories: the account and the directory become one portable unit rather than two things kept in sync by hand.
[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.
But one of its creators, Lennart Poettering, has always considered systemd incomplete. With the release of systemd 245, Poettering takes it one step closer to completion. That step is homed.
[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and per-user configuration. For some admins this directory is so important that it is placed on a separate partition or drive from the operating system, so that user data survives a reinstall or a corrupted root filesystem.
However, the way a conventional Linux system handles /home makes migrating the directory less easy than it should be. Why? The account itself does not live in /home: user identity (UID, GID, full name, home directory path and login shell) is stored in /etc/passwd, and the password hash plus the password-ageing fields in /etc/shadow. /etc/passwd is world-readable, whereas /etc/shadow is readable only by root (on most distributions also by the shadow group, which is why tools run as root or via sudo to read it). Moving a home directory to another machine therefore means recreating the account there with the same UID and GID first, or every file in it ends up owned by the wrong user.
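The split described above, as an added example written for this page (not code from the article or from systemd): a Go program that parses /etc/passwd and /etc/shadow lines, joins them per account, classifies the hash by its crypt(3) prefix, and reports the conditions the split exists to prevent (a hash or an empty password sitting in the world-readable file, an empty hash in shadow, a second UID 0 account, a world-accessible shadow file). The sample lines in main are constructed; the finding strings and helper names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"sort"
	"strings"
)

// Account joins the world-readable identity fields of an /etc/passwd line
// with the root-only hash field of the matching /etc/shadow line.
type Account struct {
	Name, PwField, UID, GID, Gecos, Home, Shell string
	HasShadow                                   bool   // a shadow line existed
	Hash                                        string // field 2 of that line
}

// ParsePasswd reads name:pw:uid:gid:gecos:home:shell lines (7 fields).
func ParsePasswd(content string) (map[string]*Account, error) {
	out := map[string]*Account{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 7 {
			return nil, fmt.Errorf("passwd: want 7 fields, got %d in %q", len(f), line)
		}
		out[f[0]] = &Account{Name: f[0], PwField: f[1], UID: f[2], GID: f[3],
			Gecos: f[4], Home: f[5], Shell: f[6]}
	}
	return out, sc.Err()
}

// MergeShadow attaches the hash (field 2 of 9) from each /etc/shadow line.
func MergeShadow(accts map[string]*Account, shadow string) error {
	sc := bufio.NewScanner(strings.NewReader(shadow))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 9 {
			return fmt.Errorf("shadow: want 9 fields, got %d in %q", len(f), line)
		}
		if a, ok := accts[f[0]]; ok {
			a.HasShadow, a.Hash = true, f[1]
		}
	}
	return sc.Err()
}

// HashKind classifies a shadow hash field by its crypt(3) prefix.
func HashKind(h string) string {
	switch {
	case h == "":
		return "empty"
	case strings.HasPrefix(h, "!"), strings.HasPrefix(h, "*"):
		return "locked"
	case strings.HasPrefix(h, "$y$"):
		return "yescrypt"
	case strings.HasPrefix(h, "$6$"):
		return "sha512crypt"
	case strings.HasPrefix(h, "$5$"):
		return "sha256crypt"
	case strings.HasPrefix(h, "$1$"):
		return "md5crypt (weak)"
	case !strings.HasPrefix(h, "$"):
		return "descrypt (weak)"
	}
	return "unknown"
}

// ShadowModeOK is the permission check for /etc/shadow: never world-accessible.
func ShadowModeOK(m fs.FileMode) bool { return m.Perm()&0o007 == 0 }

// Findings reports, sorted by account name, the misconfigurations that the
// passwd/shadow split is meant to prevent.
func Findings(passwd, shadow string) ([]string, error) {
	accts, err := ParsePasswd(passwd)
	if err != nil {
		return nil, err
	}
	if err := MergeShadow(accts, shadow); err != nil {
		return nil, err
	}
	names := make([]string, 0, len(accts))
	for n := range accts {
		names = append(names, n)
	}
	sort.Strings(names)
	var out []string
	for _, n := range names {
		a := accts[n]
		if a.UID == "0" && a.Name != "root" {
			out = append(out, n+": uid 0 but not root")
		}
		switch {
		case a.PwField == "":
			out = append(out, n+": empty password field in /etc/passwd")
		case a.PwField != "x" && a.PwField != "*" && a.PwField != "!":
			out = append(out, n+": hash stored in world-readable /etc/passwd")
		}
		if a.HasShadow && a.Hash == "" {
			out = append(out, n+": empty hash in /etc/shadow (no password needed)")
		} else if k := HashKind(a.Hash); strings.HasSuffix(k, "(weak)") {
			out = append(out, n+": "+k+" hash")
		}
	}
	return out, nil
}

func main() {
	// Constructed sample files, not taken from any real host.
	passwd := "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000:Alice:/home/alice:/bin/bash\n" +
		"legacy:$1$ab$cd:1001:1001::/home/legacy:/bin/sh\nbackdoor:x:0:0::/root:/bin/bash\n"
	shadow := "root:$y$j9T$salt$hash:19000:0:99999:7:::\nalice:$6$salt$hash:19000:0:99999:7:::\n" +
		"backdoor::19000:0:99999:7:::\n"
	findings, err := Findings(passwd, shadow)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
	fmt.Println("shadow mode 0644 acceptable:", ShadowModeOK(0o644)) // false
}
```

On a real host the two strings come from reading the files as root; the parser is the same, and the mode check is what you run against the result of os.Stat("/etc/shadow").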
[...] Poettering has decided to make a drastic change. That change is homed. With homed, each user's account information is kept in a cryptographically signed JSON record containing the username, UID and GID, group membership, password hashes and related settings. Because the record is signed, a copy that has been edited (say, to change the UID or swap in a different hash) can be rejected, which is what allows the record to travel with the home directory instead of living only in root-owned files under /etc.
Each home directory can be held in a LUKS-encrypted container, with the encryption coupled directly to login. When systemd-homed authenticates the user it unlocks and mounts the container with the login password; when the user logs out, the container is unmounted and its key discarded, so the data on disk is readable only while a session is active.
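The signed record described above, as an added example written for this page rather than systemd's own code or schema: a Go program that signs a simplified per-user JSON record with Ed25519, verifies it before any field is trusted, and shows that a record edited without the signing key (here, UID changed to 0) is rejected. The struct fields, the base64 signature field and the canonicalisation (re-marshalling the struct with the signature blanked) are this example's assumptions; the sample record is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// UserRecord is this example's simplified stand-in for a per-user JSON
// record; the field names are assumptions, not systemd's schema.
type UserRecord struct {
	UserName       string   `json:"userName"`
	UID            int      `json:"uid"`
	GID            int      `json:"gid"`
	MemberOf       []string `json:"memberOf"`
	HomeDirectory  string   `json:"homeDirectory"`
	Shell          string   `json:"shell"`
	HashedPassword string   `json:"hashedPassword"`
	Signature      string   `json:"signature,omitempty"` // base64 Ed25519
}

var ErrBadSignature = errors.New("user record: signature does not verify")

// payload is the byte string that gets signed: the record with the signature
// blanked and re-marshalled, so field order is fixed by the struct rather
// than by whoever last wrote the file.
func payload(r UserRecord) ([]byte, error) {
	r.Signature = ""
	return json.Marshal(r)
}

// Sign returns the record with a signature from the key that vouches for it.
func Sign(r UserRecord, priv ed25519.PrivateKey) (UserRecord, error) {
	msg, err := payload(r)
	if err != nil {
		return r, err
	}
	r.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))
	return r, nil
}

// Verify checks the record against a trusted public key.
func Verify(r UserRecord, pub ed25519.PublicKey) error {
	sig, err := base64.StdEncoding.DecodeString(r.Signature)
	if err != nil {
		return err
	}
	msg, err := payload(r)
	if err != nil {
		return err
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, msg, sig) {
		return ErrBadSignature
	}
	return nil
}

// LoadRecord parses and verifies a record before any field in it is used.
// This is the property that makes carrying uid/gid/hash inside the home
// directory safe: a record altered on the way in fails here.
func LoadRecord(data []byte, pub ed25519.PublicKey) (UserRecord, error) {
	var r UserRecord
	if err := json.Unmarshal(data, &r); err != nil {
		return UserRecord{}, err
	}
	if err := Verify(r, pub); err != nil {
		return UserRecord{}, err
	}
	return r, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample record; the hash is a placeholder string.
	rec := UserRecord{UserName: "alice", UID: 60001, GID: 60001,
		MemberOf: []string{"wheel"}, HomeDirectory: "/home/alice.homedir",
		Shell: "/bin/bash", HashedPassword: "$6$constructed$example"}
	signed, _ := Sign(rec, priv)
	data, _ := json.Marshal(signed)
	fmt.Println(string(data))
	if _, err := LoadRecord(data, pub); err != nil {
		panic(err)
	}
	// Someone who can write the record file but lacks the private key
	// changes the uid to 0; the signature no longer covers what is there.
	signed.UID = 0
	forged, _ := json.Marshal(signed)
	_, err = LoadRecord(forged, pub)
	fmt.Println("forged record accepted:", err == nil) // false
}
```

The point of verifying in LoadRecord rather than in the caller is that there is no code path in which uid, gid or the hash are read before the signature has been checked.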
[...] Of course, such a major change doesn't come without its share of caveats. For systemd-homed, the obvious one is SSH. If the home directory stays locked until the user authenticates with their password, how does that user log in to a remote machine with SSH?
The problem is twofold: the .ssh directory (where SSH keeps known_hosts and authorized_keys) is inside the locked volume and so cannot be read by sshd before login, and public-key authentication never presents the password that unlocks the volume in the first place. Poettering is aware of the shortcoming. To date, the systemd-homed work has been done against the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.
Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?
(Score: 1) by pTamok on Friday May 01 2020, @01:04PM (4 children)
From the fine article:
(Score: 0) by Anonymous Coward on Friday May 01 2020, @01:33PM
systemd-sshd, feeping soon to a creature near you!
(Score: 3, Insightful) by rleigh on Friday May 01 2020, @04:47PM (2 children)
> You can be sure that Poettering will come up with a solution that takes SSH into consideration.
You mean like how he took tmux and screen into consideration when logind broke them completely. He never fixed it!
He never admits to his own stupid mistakes and misunderstanding. Change and progress at all costs!
(Score: 1) by pTamok on Friday May 01 2020, @05:06PM (1 child)
Yes, well. I think the time has come to recognise that systemd is not going to go away: and so, if you want a system which does what you want, rather than what Lennart Poettering thinks you should want, then finding a non-systemd alternative is required.
Systemd is great for some use-cases. I have used it in a production environment, and it does have certain benefits: but I am not sure the benefits outweigh the disadvantages.
I sincerely hope that a non-systemd Linux distribution gains critical mass so that I can put in the effort to convert my systems to it. I've grown lazy and used to Debian/Ubuntu and variants; but it would be nice to have an audio subsystem that works and a shutdown that doesn't hang waiting on network processes so that I need to use the 'magic SysRq key' and RESIO sequence to get my notebook PC to shut down.
(Score: 2) by rleigh on Friday May 01 2020, @07:18PM
I already did. I moved the server-side stuff to FreeBSD and the desktop-side stuff to Windows 10 and MacOS. After over two decades of using Linux pretty much solely on the desktop, I've had enough of it. I'm out. There's only so much ridiculousness I'm willing to tolerate, and with systemd it passed that point quite some time ago. I got rid of my last Linux desktop last year. It's all VMs now, for the stuff I absolutely have to use it for.