posted by Fnord666 on Friday May 01 2020, @11:04AM
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Lennart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive from the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?


  • (Score: 1) by fustakrakich on Friday May 01 2020, @02:48PM (9 children)

    by fustakrakich (6150) on Friday May 01 2020, @02:48PM (#988985) Journal

    Little bits of systemd are creeping into slackware to accommodate Plasma 5. Once they and Gentoo get swallowed up, I will have to decide which BSD is best.

    By the way, which BSD is best?

    --
    La politica e i criminali sono la stessa cosa..
  • (Score: 2) by Arik on Friday May 01 2020, @03:06PM

    by Arik (4543) on Friday May 01 2020, @03:06PM (#988997) Journal
    I'm not sure, I haven't used any of them for several years now.

    OBSD used to be pretty good, but I'm afraid the licensing killed it.
    --
    If laughter is the best medicine, who are the best doctors?
  • (Score: 5, Insightful) by Arik on Friday May 01 2020, @03:12PM (3 children)

    by Arik (4543) on Friday May 01 2020, @03:12PM (#989000) Journal
    Also, are you /sure/ about your first sentence?

    I've heard that "little bits" of systemd are creeping into the Slackware line for years but as far as I know this is a misunderstanding. There are a few shims that stand in for systemd in the sense of returning an expected answer when a stupid program attempts to invoke it, but that's not really the same thing. I'd rather see the crap programs fixed properly of course; but PV's time is limited, and when he sees a way to simulate systemd without actually importing any of its code or vulnerabilities and save a lot of time it makes sense to use it.
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 1, Informative) by Anonymous Coward on Friday May 01 2020, @04:38PM (2 children)

      by Anonymous Coward on Friday May 01 2020, @04:38PM (#989032)

      Maybe he's speaking of things like https://wiki.gentoo.org/wiki/Elogind [gentoo.org] where distribution developers re-implement a systemd service as a standalone daemon. It's a requirement for things like Plasma 5 and Gnome which depend on those systemd services now.

      • (Score: 2) by Arik on Friday May 01 2020, @05:02PM (1 child)

        by Arik (4543) on Friday May 01 2020, @05:02PM (#989042) Journal
        Ahh thank you, I did indeed reply too quickly, without making sure I understood the reference to Plasma.

        But that's not Slackware. Slackware hasn't shipped with GNOME in years.

        Of course users are free to port what they want, how they want. And if I needed GNOME I'd certainly rather have it like this, with the necessary bits in a standalone package, than the alternative.
        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @10:23AM

          by Anonymous Coward on Saturday May 02 2020, @10:23AM (#989398)
          Gnome and Plasma, aka KDE 5.
  • (Score: 2) by cockroach on Friday May 01 2020, @06:48PM (1 child)

    by cockroach (2266) on Friday May 01 2020, @06:48PM (#989104)

    Once they and Gentoo get swallowed up, I will have to decide which BSD is best.

    There is also Parabola [parabola.nu] with OpenRC [parabola.nu] if you're more into Arch (it's a fully-libre Arch fork). I have been using it on machines where I'm too lazy to keep yet another Gentoo installation updated all the time...

    • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @05:43AM

      by Anonymous Coward on Saturday May 02 2020, @05:43AM (#989347)

      There's another Arch-based Systemd-free libre GNU/Linux distro you can use which also uses OpenRC and is a long-term distro (not a rolling release): Hyperbola [hyperbola.info].

  • (Score: 2) by fido_dogstoyevsky on Friday May 01 2020, @11:10PM (1 child)

    by fido_dogstoyevsky (131) <axehandleNO@SPAMgmail.com> on Friday May 01 2020, @11:10PM (#989252)

    ...By the way, which BSD is best?

    OpenBSD, because of their BDFL's attitude.

    --
    It's NOT a conspiracy... it's a plot.
    • (Score: 1) by fustakrakich on Friday May 01 2020, @11:27PM

      by fustakrakich (6150) on Friday May 01 2020, @11:27PM (#989257) Journal

      Ah, the same as Slackware.

      I remember the wristwatch with a lifetime guarantee, guaranteed for the life of the watch.

      --
      La politica e i criminali sono la stessa cosa..