SoylentNews is people

posted by Fnord666 on Friday May 01 2020, @11:04AM
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Lennart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?


  • (Score: 4, Insightful) by digitalaudiorock on Friday May 01 2020, @03:01PM (8 children)

    by digitalaudiorock (688) on Friday May 01 2020, @03:01PM (#988995) Journal

    +1000 to all that. I use all Gentoo myself and my company moved from CentOS6 to Devuan to avoid this cluster fuck.

    I actually can't believe how AstroTurfed that article is...like this gem:

    For those who aren't familiar with systemd, it is that which initializes all systems on the Linux platform. Anyone that manages Linux within a data center should be intimately familiar with this system. By providing all of the necessary controls and daemons for device management, user login, network connections, and event logging, systemd makes for easy resource initialization and management—all from a single point of entry (systemctl).

    Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

    Holy fucking bullshit alert. Let me translate: "the UNIX philosophy of 'do one thing and do it well' that, unlike other OSs, has allowed it to survive for 1/2 century, has officially been changed to 'do everything and do it like fucking shit'". This all is indistinguishable from Windows. What a fucking mess.

  • (Score: 2) by Grishnakh on Friday May 01 2020, @03:21PM (2 children)

    by Grishnakh (2831) on Friday May 01 2020, @03:21PM (#989005)

    This all is indistinguishable from Windows. What a fucking mess.

    Don't be so over-dramatic. Nothing is remotely as bad as the Windows 10 UI (except maybe the Windows 8 UI). Linux hasn't gotten that bad yet; Gnome is pretty awful of course, but you can still easily run KDE or Xfce or Cinnamon.

    • (Score: 3, Insightful) by digitalaudiorock on Friday May 01 2020, @03:56PM

      by digitalaudiorock (688) on Friday May 01 2020, @03:56PM (#989010) Journal

      Well in terms of UI functionality etc I agree to some extent. But in terms of administering the system itself, and most notably understanding what's going on and NOT having it become a fucking poorly documented black box, buried in binary shit that used to be in readable text, that nobody outside of Redhat understands...it very much is becoming Windows and gets worse with every change. That seriously fucks up even headless servers with no UI. They can stick all of their crap up their ass.

      Tom

    • (Score: 2) by rleigh on Friday May 01 2020, @04:53PM

      by rleigh (4887) on Friday May 01 2020, @04:53PM (#989040) Homepage

      Have you even looked at the direction Windows has gone in? Complain all you like about the UI. That's utterly superficial.

      Look at what they are doing under the hood. Windows administration is all about CLI scripting with PowerShell. It's going in the opposite direction. Lots of little "cmdlets" that let you interface with every nook and cranny of Windows and dynamically tweak it. And it's all flexible and extensible via C#. I don't want to particularly endorse it, but I do want to point out that modern Windows has some fairly interesting stuff going on if you can get past the UI.

  • (Score: 2) by Azuma Hazuki on Saturday May 02 2020, @12:21AM (4 children)

    by Azuma Hazuki (5086) on Saturday May 02 2020, @12:21AM (#989271) Journal

    Moved to *Devuan* proper? Wow. You have a seriously savvy C-suite then. I'm impressed. So Devuan is now stable enough to be what Debian was? I've been playing with it in VM and kind of like it, but am worried it's not all there yet.

    --
    I am "that girl" your mother warned you about...
    • (Score: 3, Interesting) by digitalaudiorock on Saturday May 02 2020, @09:44PM (2 children)

      by digitalaudiorock (688) on Saturday May 02 2020, @09:44PM (#989593) Journal

      In our case this was strictly for headless LAMP servers intended to run as VMs. We initially used Devuan 1 (Jessie) though that involved updating to PHP 7.2 from a separate repo. We've got a Devuan 3 (Beowulf) VM basically ready to use but are waiting for that to go stable (which should actually be fairly soon). That runs PHP 7.3. In that one we've also moved from MySQL to MariaDB 10.3. All in all it's been awesome for that purpose...really minimalist for sure.

      I can't personally speak to how things are with workstation / desktop stuff though many are using it for sure.

      • (Score: 2) by Azuma Hazuki on Saturday May 02 2020, @10:37PM (1 child)

        by Azuma Hazuki (5086) on Saturday May 02 2020, @10:37PM (#989618) Journal

        I've been playing with Beowulf in a VM. It still has the GTK2 Xfce (4.12) and as weird as this sounds, I really miss it. Gentoo only has ebuilds for 4.14.x and I can't find an overlay for the older versions anywhere, and LXDE isn't quite the same.

        --
        I am "that girl" your mother warned you about...
        • (Score: 2) by digitalaudiorock on Sunday May 03 2020, @05:31PM

          by digitalaudiorock (688) on Sunday May 03 2020, @05:31PM (#989839) Journal

          Interesting. I actually went very minimalist many years ago and moved to just fluxbox using no desktop icons of any sort. I have keyboard shortcuts configured for programs I commonly use and do most everything else from the command line. I don't use any sort of file explorer either aside from basically cd and ls ;).

          You mention GTK2. So far I've avoided GTK3. I've heard VERY little good about it...as with much from the freedesktop.org direction. I use gvim with GTK2 and it performs fine, though I've heard that it sort of sucks compiled with GTK3.

    • (Score: 2) by digitalaudiorock on Saturday May 02 2020, @09:52PM

      by digitalaudiorock (688) on Saturday May 02 2020, @09:52PM (#989596) Journal

      I've been playing with it in VM and kind of like it, but am worried it's not all there yet.

      One thing to keep in mind is that Devuan basically uses the Debian repos for the corresponding version with their own repo's replacements where they're needed. Especially for a headless server there's actually very little difference outside of init scripts etc...so it's far from a completely new animal. It's more like "Debian as God intended" ;)