SoylentNews is people

posted by Fnord666 on Friday May 01 2020, @11:04AM
from the resistance-is-futile.-/home-will-be-assimilated dept.

Good News:

Linux home directory management is about to undergo major change:

With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.

[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.

But one of the creators, Lennart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.

[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.

However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.

[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.

Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.

[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?

The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.

Older articles:

Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?
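
The SSH caveat in the summary above comes down to where sshd looks for a user's keys. As an added example (not from the article or from systemd), this Python sketch reads an sshd_config and reports which `AuthorizedKeysFile` locations resolve inside the home directory, and so would be unreadable while that directory is still locked. The sample config, user name and home path are constructed, and `Match` blocks are deliberately ignored.

```python
import posixpath

# sshd's built-in default when AuthorizedKeysFile is not set.
DEFAULT_PATTERNS = [".ssh/authorized_keys", ".ssh/authorized_keys2"]

# Constructed sample sshd_config, not taken from any real host.
SAMPLE_SSHD_CONFIG = """\
# constructed example
Port 22
AuthorizedKeysFile /etc/ssh/authorized_keys/%u .ssh/authorized_keys
PasswordAuthentication no
Match User backup
    AuthorizedKeysFile %h/.ssh/backup_keys
"""


def global_patterns(config_text):
    """Return the global AuthorizedKeysFile patterns (first occurrence wins)."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":          # global section ends at the first Match
            break
        if keyword == "authorizedkeysfile":
            return parts[1:]
    return list(DEFAULT_PATTERNS)


def expand(pattern, user, home, uid):
    """Expand %h, %u, %U and %% and resolve relative paths against the home."""
    tokens = {"h": home, "u": user, "U": str(uid), "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            out.append(tokens.get(pattern[i + 1], "%" + pattern[i + 1]))
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    if not path.startswith("/"):        # relative paths are relative to the home
        path = posixpath.join(home, path)
    return posixpath.normpath(path)


def audit(config_text, user, home, uid=1000):
    """Return (resolved_path, inside_home) for each configured key file."""
    home = posixpath.normpath(home)
    results = []
    for pattern in global_patterns(config_text):
        if pattern.lower() == "none":
            continue
        path = expand(pattern, user, home, uid)
        inside = path == home or path.startswith(home + "/")
        results.append((path, inside))
    return results


def reachable_before_unlock(config_text, user, home, uid=1000):
    """Key files that stay readable while the home directory is locked."""
    return [p for p, inside in audit(config_text, user, home, uid) if not inside]


if __name__ == "__main__":
    # "alice" and /home/alice are constructed values for the demonstration.
    for path, inside in audit(SAMPLE_SSHD_CONFIG, "alice", "/home/alice"):
        state = "inside home (locked until login)" if inside else "outside home"
        print(f"{path}: {state}")
```

An empty result from `reachable_before_unlock` means every configured key file lives under the home directory, which is the situation the article describes.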


  • (Score: 5, Insightful) by VanessaE on Friday May 01 2020, @11:27AM (38 children)

    by VanessaE (3396) <vanessa.e.dannenberg@gmail.com> on Friday May 01 2020, @11:27AM (#988862) Journal

    Say whatever you want about systemd (I don't care for it) and Poettering's other projects, but for fuck sake KEEP YOUR HANDS OFF MY HOME DIRECTORIES!

    I have a hard enough time keeping things straight as it is.

    Besides, /home has been a thing in Unix-ish OS's for, what, 50 years now? What possible benefit could there be to the end user (or the admin for that matter) to start changing it up now?

  • (Score: 1) by shrewdsheep on Friday May 01 2020, @11:48AM (12 children)

    by shrewdsheep (5215) on Friday May 01 2020, @11:48AM (#988873)

    Your only chance is to retreat. I have long given up on defending my home folder. Too many programs just write stuff wherever they see fit. Programs even start invading the Documents folder. I have now my own subfolder in home (the name of which I keep a secret) that I call my very home (whoever touches it, gets nuked).

    • (Score: 5, Interesting) by bzipitidoo on Friday May 01 2020, @12:53PM (10 children)

      by bzipitidoo (4388) on Friday May 01 2020, @12:53PM (#988906) Journal

      Huh, that's what I've done. My real home directory is a subdirectory I created in /home/me. Too many programs want to clutter up the home directory and the official subdirectories. If I use the home directory the system set up, it makes it difficult to tell which files and subdirectories are mine.

      I found it useful to break the big stuff out separately. Video I made goes in a separate subdirectory.

      I got another idea that helps me stay more organized. I made /home/me/tmp for my own temporary stuff. Anything I put in there is subject to deletion, but not by any system process, only by me, when I'm ready. Makes me think about whether I want to keep something when I'm creating it.

      • (Score: 0) by Anonymous Coward on Friday May 01 2020, @01:01PM (5 children)

        by Anonymous Coward on Friday May 01 2020, @01:01PM (#988913)

        Bbut... where do you put Pictures? And Videos? And Templates? That recreate if you delete them. It doesn't make any sense?!

        • (Score: 4, Informative) by Arik on Friday May 01 2020, @01:39PM (1 child)

          by Arik (4543) on Friday May 01 2020, @01:39PM (#988941) Journal
          "That recreate if you delete them. It doesn't make any sense?!"

          When this happens;

          1. Figure out which program is doing it.
          2. Check if this is a configuration option.
          3. a. If it is, fix the config.
             b. If it is not, remove the program.
          --
          If laughter is the best medicine, who are the best doctors?
          • (Score: 2) by meustrus on Friday May 01 2020, @07:35PM

            by meustrus (4961) on Friday May 01 2020, @07:35PM (#989138)

            Naw, if something keeps messing with your files, it's too late. They've been found. If you didn't tell the software where those files are, they were discovered by some "convention".

            If your software does something you don't like, don't fight it. Let it do its thing. Move your stuff somewhere safe. Like GP suggests.

            /home has been pwned since it was first invented. Any files that software messes with belong to the machine now. Keep your stuff somewhere safe.

            Heck, the homed idea would actually be pretty slick if it didn't involve breaking the world and asserting control. Auto-mount an encrypted drive that belongs to the user at login? Awesome! Just don't touch anything inside it.

            --
            If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
        • (Score: 0) by Anonymous Coward on Friday May 01 2020, @11:28PM (1 child)

          by Anonymous Coward on Friday May 01 2020, @11:28PM (#989258)

          A lot of programs will place their files wherever you tell them your $HOME is. You can alias the cd command, with no arguments, to cd /home/username , so that it appears to be working more or less as normal. I'm sure there are some programs out there that won't like it, but anything written correctly should function just fine and for anything that's important, you should be able to have the program place the files where you want them via symlinks or just changing the configuration.

          It's astonishing to me, how little knowledge and creativity people have about these things. This isn't Windows, or god forbid, OSX, you can change these things if you really want to.

          • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @12:08PM

            by Anonymous Coward on Saturday May 02 2020, @12:08PM (#989427)

            Not to give the pots too much credit, but he did co-author the XDG_ environment spec that enables you to further manipulate where .config .local .cache and such goes... if programs respect them.

        • (Score: 1) by drgibbon on Saturday May 02 2020, @08:26PM

          by drgibbon (74) on Saturday May 02 2020, @08:26PM (#989577) Journal

          You can define the locations of those in ~/.config/user-dirs.dirs

          E.g., XDG_VIDEOS_DIR="$HOME/media/videos"

          or whatever you like [archlinux.org].

          --
          Certified Soylent Fresh!
      • (Score: 2, Interesting) by shrewdsheep on Friday May 01 2020, @01:03PM (2 children)

        by shrewdsheep (5215) on Friday May 01 2020, @01:03PM (#988915)

        > I made /home/me/tmp for my own temporary stuff

        Huh, that's what I've done.

        Let me do some mind-reading: you only back up that subfolder of yours together with some select folders from home (.ssh, some stuff from .config). Your large stuff (Music/Videos) goes into different backups than the rest of the files (the latter are backed up incrementally and encrypted, but my crystal is a bit blurred on that). Finally, some important application config files are moved to your private home and symbolically linked to their expected location.

        • (Score: 3, Interesting) by Grishnakh on Friday May 01 2020, @02:59PM (1 child)

          by Grishnakh (2831) on Friday May 01 2020, @02:59PM (#988994)

          Interesting, but I don't see the point in backing up Music/Videos separately. Personally, I just back up my home dir onto portable USB drives using rsync. The large stuff doesn't change often, so it doesn't take any time to back up unless you've changed it. Even if you use some kind of snapshotting backup program, this would still be the case.

          The biggest problem I have with home dirs is that large desktop environments typically keep a lot of crap buried in some dot-directory like .config, and then when they update to a new version, something in there breaks (the new version doesn't read the old config file correctly, and madness ensues). The standard advice from the DE maintainers is to simply wipe out your entire home directory and start over....

          • (Score: 3, Interesting) by bzipitidoo on Friday May 01 2020, @06:04PM

            by bzipitidoo (4388) on Friday May 01 2020, @06:04PM (#989083) Journal

            Backing up video, images, and music separately made more sense when I started that system, which was when a big flash drive was 1G, and I still sometimes used CD-Rs and CD-RWs. I even tried those Iomega Zip drives. Lost everything to their infamous Click Of Death problem.

            One hint that everyone else had moved on from CDs was that in newer kernels, I encountered several bugs related to their use. There was a problem with the type of optical media from kernel version 2.6.6 through 2.6.8 -- CD-Rs did not work, but CD-RWs were fine. If I was the first to discover these problems, that had to mean no one else was still using that hardware. More recently, I learned that 2.6.25 is the last version that can handle 40 wire PATA cables. Better find an 80 wire cable if you want to run a newer kernel on such old hardware.

      • (Score: 2) by Reziac on Saturday May 02 2020, @02:43AM

        by Reziac (2489) on Saturday May 02 2020, @02:43AM (#989310) Homepage

        I've done that since forever, on every OS. I sort my shit out where I want it, somewhere the OS doesn't use and doesn't officially know about. That way there's never confusion or argument.

        --
        And there is no Alkibiades to come back and save us from ourselves.
    • (Score: 0) by Anonymous Coward on Sunday May 03 2020, @08:21AM

      by Anonymous Coward on Sunday May 03 2020, @08:21AM (#989720)

      Same for Windows 10. It puts your 'home' with a bunch of stupid junctions that WILL delete or corrupt data. Can't they just have normal folders?

      I have learnt to only use /home (Users) in Windows for temporary files. Create a folder somewhere, preferably on a different drive, for long term storage. Or anything you want to keep when Windows blats your C: data.

      Some things never change. Never thought I'd see this in *nix.

  • (Score: 3, Insightful) by Anonymous Coward on Friday May 01 2020, @11:58AM (8 children)

    by Anonymous Coward on Friday May 01 2020, @11:58AM (#988876)

    It's called 'not in house syndrome' with a touch of 'we sell support so let's make this as difficult to use without it on purpose'.

    • (Score: 0) by Anonymous Coward on Friday May 01 2020, @12:54PM (7 children)

      by Anonymous Coward on Friday May 01 2020, @12:54PM (#988907)

      I haven't dug into homectl yet, but everything else in systemd is trivially easy to learn. We run CentOS at work and we've never had to pay consultants. Most of our sysadmins have been Linux sysadmins since before systemd was created, and they all made the transition effortlessly. Thousands of servers, no problems related to the init system.

      I think your point stands in general. "We sell support so let's make this as difficult to use without it on purpose" seems to be the business model for Oracle databases, Enterprise Java Beans, Microsoft Group Policies, and lots of other so-called enterprise products. But regardless of the technical merits or flaws in systemd, you can learn everything you need to know about it in a day or two just from reading the public documentation or the man pages.

      • (Score: 0) by Anonymous Coward on Friday May 01 2020, @01:04PM

        by Anonymous Coward on Friday May 01 2020, @01:04PM (#988917)

        >you can relearn everything you already know about it in a day or two

        FTFY. Those days sure add up when it's happening to everything all the time.

      • (Score: 2) by janrinok on Friday May 01 2020, @01:14PM (4 children)

        by janrinok (52) Subscriber Badge on Friday May 01 2020, @01:14PM (#988927) Journal
        I agree with you, but you won't convince many people here. I switch my computers on and they all work. Stopping or starting tasks is simple and takes care of all of the child processes too with no issues. Creating new service scripts is dead easy and they all go in standardised places. I just get on with my work and don't even notice that it is there.
        • (Score: 2) by Arik on Friday May 01 2020, @01:45PM (2 children)

          by Arik (4543) on Friday May 01 2020, @01:45PM (#988945) Journal
          "I switch my computers on and they all work. Stopping or starting tasks is simple and takes care of all of the child processes too with no issues. Creating new service scripts is dead easy and they all go in standardised places. I just get on with my work and don't even notice that it is there."

          This sounds deliberately short-sighted.

          /As long as it doesn't cause me any immediate difficulty, I'll just plod right on and not think about it./

          I'm sure that way of doing things never came back to bite anyone in the arse. </sarcasm>
          --
          If laughter is the best medicine, who are the best doctors?
          • (Score: 0) by Anonymous Coward on Friday May 01 2020, @04:16PM (1 child)

            by Anonymous Coward on Friday May 01 2020, @04:16PM (#989021)

            Oh that's right. I'm going to get right on writing my own C compiler, and git implementation, shell, and text editor. Thank god you spoke up.

            • (Score: 0) by Anonymous Coward on Friday May 01 2020, @05:42PM

              by Anonymous Coward on Friday May 01 2020, @05:42PM (#989069)

              Those are horrible examples you bring up. Those programs have been written by teams of competent developers. They also have a history of fixing important issues that get raised because they don't see bugs being pointed out as an attack on their egos. I trust those programs to be handled in a competent manner.

        • (Score: 0) by Anonymous Coward on Monday May 04 2020, @06:34PM

          by Anonymous Coward on Monday May 04 2020, @06:34PM (#990370)

          things were like this long before you were able to own a computer but nice try stupid shill

      • (Score: 2) by Bot on Saturday May 02 2020, @10:50PM

        by Bot (3902) on Saturday May 02 2020, @10:50PM (#989622) Journal

        And here we prove parallel universes do exist.

        --
        Account abandoned.
  • (Score: 4, Insightful) by Bot on Friday May 01 2020, @01:32PM (9 children)

    by Bot (3902) on Friday May 01 2020, @01:32PM (#988934) Journal

    You look at it from your POV, try theirs. Systemd is an instrument of domination, messing with /home is a juicy target to obsolete million man-hours of knowledge and info.

    Fact: all those people using linux for multimedia NEED PLAIN HOMES WITH NO ENCRYPTION hogging up the CPU. Ergo, pick antixxx or mx or void or slackware or whatever non systemd distro now. Any time spent with systemd is time lost.

    --
    Account abandoned.
    • (Score: 2) by VanessaE on Friday May 01 2020, @01:37PM (4 children)

      by VanessaE (3396) <vanessa.e.dannenberg@gmail.com> on Friday May 01 2020, @01:37PM (#988940) Journal

      All I know for sure is if Debian follows suit, I will be very disappointed...

      (considering that Pulse and systemd are already a thing, though THOSE don't seem to be a problem, not like they were in the beginning)

      • (Score: 2) by Arik on Friday May 01 2020, @01:48PM

        by Arik (4543) on Friday May 01 2020, @01:48PM (#988946) Journal
        Debian was lost several years ago. Way past time to switch to a distro that is still shipping gnu/linux.

        http://slackware.com/
        --
        If laughter is the best medicine, who are the best doctors?
      • (Score: 4, Informative) by Anonymous Coward on Friday May 01 2020, @04:49PM

        by Anonymous Coward on Friday May 01 2020, @04:49PM (#989037)

        If you see them going for homed, just swap over to the Devuan release targeted at your current Debian version and apt update -> apt dup, then give it a few hours to download and install and reboot :)

      • (Score: 2, Insightful) by Anonymous Coward on Friday May 01 2020, @09:02PM

        by Anonymous Coward on Friday May 01 2020, @09:02PM (#989192)

        Debian and its giant offspring Ubuntu, and their myriad derivatives, have long gone systemd. Millions of users had no choice. Some distro makers had no choice. Upstream changed because a few individuals puttered, and millions sputtered. The problem is getting things done. I choose a distro for its ability to stay out of my way, have all the software I need IN the repos, so I can work. Many of the purist wonderworks have little functionality beyond being a "pure linux". I need the applications and those have dependencies, some of which may tie back to systemd. Also a lot of the "purist" editions look like a worn-out Yugo next to many of the modern Lambos and Porsches in terms of the UI and windows managers. Sad state of Linux in 2020, where one approaching 30's kid dictates the terms for all the usable distros.

      • (Score: 0) by Anonymous Coward on Saturday May 02 2020, @12:11PM

        by Anonymous Coward on Saturday May 02 2020, @12:11PM (#989429)

        It would have been so much easier if pots had created his own distro.. I could respect that.

    • (Score: 2) by meustrus on Friday May 01 2020, @07:38PM (1 child)

      by meustrus (4961) on Friday May 01 2020, @07:38PM (#989141)

      Easy solution, assuming homed encryption can be turned off per-user: put the multimedia under a separate user. Give out media access by group.

      This is how I manage media in Linux. Mainly I do it so that I could configure Syncthing to maintain redundant copies on multiple machines, running in an isolated account, without giving everyone else access to change the files and break syncing.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
      • (Score: 0) by Anonymous Coward on Friday May 01 2020, @08:01PM

        by Anonymous Coward on Friday May 01 2020, @08:01PM (#989159)

        >Easy solution, assuming homed encryption can be turned off per-user: put the multimedia under a separate user. Give out media access by group.

        It's not simpler than avoiding systemd altogether. Thank you non systemd distro maintainers, beacons of freedom.

    • (Score: 2) by janrinok on Saturday May 02 2020, @07:34AM

      by janrinok (52) Subscriber Badge on Saturday May 02 2020, @07:34AM (#989370) Journal

      But nobody is making them use it. I fail to see why I should get excited because somebody else uses Gentoo, or another encrypts his hard drives, or they want to do media streaming on an underpowered computer. Why should anyone else get excited about those who are happy to use systemd.

      Incidentally, I manage to stream media quite satisfactorily from a server powered by an Athlon 2 X4 605e processor using full drive encryption over my network. No problems. I suppose a P II might struggle though. I do have a problem when 3, 4 or more people are trying to stream simultaneously, but I'm not surprised by that.

    • (Score: 0) by Anonymous Coward on Sunday May 03 2020, @08:24AM

      by Anonymous Coward on Sunday May 03 2020, @08:24AM (#989721)

      As of now Firefox disabled checking for the chrome folder in the user profile and for userChrome.css TO SAVE TIME WHEN LOADING FIREFOX.

      What utter stupidity. How many people are now looking at the crap that is the new urlbar and other screwups in the UI, following instructions, and not realising their Firefox does not load userChrome.css anymore?

      Utter stupidity.

  • (Score: 5, Informative) by hendrikboom on Friday May 01 2020, @02:06PM (4 children)

    by hendrikboom (1125) Subscriber Badge on Friday May 01 2020, @02:06PM (#988954) Homepage Journal

    /home wasn't around in 1975. Back then my home directory was at /usr/hendrik.

    So it's beem around for less than the full 50 years.

    -- hendrik

    • (Score: 1, Interesting) by Anonymous Coward on Friday May 01 2020, @04:52PM (1 child)

      by Anonymous Coward on Friday May 01 2020, @04:52PM (#989038)

      I had always wondered why it was called '/usr' but if it was both user binaries and home dirs that would make a lot of sense. Seems like things keep getting under-organized over and over until a restructure is in order, then they break the expectations of the old paradigm, at least in part.

      • (Score: 0) by Anonymous Coward on Friday May 01 2020, @10:22PM

        by Anonymous Coward on Friday May 01 2020, @10:22PM (#989238)

        There was no /usr/bin originally. operating system binaries all went to /bin.

        The whole reason /usr/bin came into existence is because the system became too large to fit on the / disk, and there was no raid or dynamic resizing. Only after that were users moved to /home.

    • (Score: 2) by Bot on Friday May 01 2020, @08:07PM (1 child)

      by Bot (3902) on Friday May 01 2020, @08:07PM (#989163) Journal

      >So it's beem around...

      and here is when one of hendrik's fingers mangles accidentally with his looooong grey beard and mistypes.

      --
      Account abandoned.
  • (Score: 2, Redundant) by DannyB on Friday May 01 2020, @02:25PM

    by DannyB (5839) Subscriber Badge on Friday May 01 2020, @02:25PM (#988968) Journal

    > What possible benefit could there be to the end user (or the admin for that matter) to start changing it up now?

    So users would get Red Hat support contracts, which would prevent them from having operational problems.

    I did not use any no-sarcasm tags here.

    --
    The lower I set my standards the more accomplishments I have.