SoylentNews is people
SoylentNews
from the resistance-is-futile.-/home-will-be-assimilated dept.
Good News:
Linux home directory management is about to undergo major change:
With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.
[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.
But one of the creators, Leannart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.
[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.
However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.
[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.
Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.
[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?
The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.
Older articles:
- Pack Your Bags – Systemd Is Taking You To A New Home
- Systemd-Homed Merged As A Fundamental Change To Linux Home Directories
Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?
(Score: 0) by Anonymous Coward on Friday May 01 2020, @02:36PM (3 children)
That would be nice but no,
I used slack back around 4.0 (~kernel 0.97, or so). Back in the aughts, the slackware web package repo went down for almost an entire year. Their packages are also often way out of date. Yes you can build from source, and I often do. But not on slack, because their libs are out of date too. Notably this is at the very least a security problem. I liked the backwards compatability mentality of slack. But they need rolling release to maintain that compatability. They don't, so it isn't.
I use Void on my laptop. Unfortunately I have to use centos for another project due to some dependency issues.
As for the Pottering pole smokers club:
"all information will be placed in a cryptographically signed JSON record for each user".
Hey why not use windows INI files like you did the last time? /s
Pottering discovers a lib for the first time, and Debian bends over to take it in the ass, and the rest of the Linux community suffers. Dear Linux community, Debian is deprecated. Stop regarding it as authoritative.
"Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted."
Yeah how could that possibly go wrong? Because sysadmins never have to deal with things like power outages or HVAC breakdowns.
There is a right way to do that. Following a cult of personality who has no intention of maintaining a cogent set of tools, isn't it.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @02:59PM
If systemd logind can depend on a user-space lib like gettext then homed can damn well depend on json-c. In fact why don't we use json for everything, we can encapsulate DNS, NTP and systemd binary log files. Put json into the kernel as a debug serialization, write a device driver for a VR headset and neuro-implant so I can have json injected right into my fucking brain. Don't you love systemd? Wouldn't you like some more systemd with your systemd?
(Score: 0) by Anonymous Coward on Friday May 01 2020, @03:50PM
When on one side I see the incessant deluge of crazy bugs swamping the users of Ubuntu, Gentoo and other such "bleeding edge" chimeras, and on the other, just some... credulous persons fantasizing about imaginary "security problems" because Teh Guru Said So!!!11, the choice is obvious.
Slackware FTW!
(Score: 2) by Arik on Saturday May 02 2020, @03:00PM
Nonsense. Security fixes are backported regularly, just like with Debian Stable.
If laughter is the best medicine, who are the best doctors?