https://hackaday.com/2019/10/16/pack-yo ... e/#content
Since the beginning of time, users have been stored in the /etc/passwd file, which includes among other things the username, a system-unique user id, and the home directory location. Traditionally, the user’s password was also stored in hashed form in that file — and it might still be the case on some, for example embedded systems — but was eventually moved to a separate /etc/shadow file, with more restricted file permissions. So, after successfully logging in to the system with the password found in the shadow file, the user starts off in whichever location the home directory entry in /etc/passwd is pointing to.
Yet, if you had to design a similar system today from scratch, would you really opt for the same concept? Would your system architect, your teacher, or even you yourself really be fine with duplicate database entries (usernames both in passwd and shadow file), unenforced relationships (home directory entry and home directory itself), and just random additional data without rhyme or reason: resource management, PAM, network authentication, and so on? Well, as you may have guessed by now, Lennart Poettering isn’t much of a fan of that, and with systemd-homed he is aiming to unite all the separate configuration entities around user management into one centralized system, flexible enough to handle everything the future might require.
So instead of each component having its own configuration for all users, systemd-homed is going to collect all the configuration data of each component based on the user itself, and store it in a user-specific record in the form of a JSON file. The file will include all the obvious information such as username, group membership, and password hashes, but also any user-dependent system configurations and resource management information, and essentially really just anything relevant. Being JSON, it can virtually contain whatever you want to put there, meaning it is easily extendable whenever new features and capabilities are required. No need to wonder anymore which of those three dozen files you need to touch if you want to change something.
In addition to user and user-based system management, the home directory itself will be linked to it as a LUKS encrypted container — and this is where the interesting part comes, even if you don’t see a need for a unified configuration place: the encryption is directly coupled to the user login itself, meaning not only is the disk automatically decrypted once the user logs in, it is equally automatically encrypted again as soon as the user logs out, locks the screen, or suspends the device. In other words, your data is inaccessible and secure whenever you’re not logged in, while the operating system can continue to operate independently from that.
But with user management and home directory handling in a single place and coupled together, you can start to dream of additional possible features. For instance, portable home directories that double as self-contained users. What that means is that you could keep the home directory for example on a USB stick or external disk, and seamlessly move it between, say, your workstation at home and your laptop whenever you’re on the move. No need to duplicate or otherwise sync your data, it’s all in one place with you. This brings security and portability benefits.
Further reading:
Systemd – How it starts Your system
https://linuxhint.com/systemd_hot_it_st ... ur_system/
systemd-homed
Last edited by labbe5 on Mon 21 Oct 2019, 10:08, edited 1 time in total.
- Moose On The Loose
- Posts: 965
- Joined: Thu 24 Feb 2011, 14:54
Re: systemd-homed
labbe5 wrote:
https://hackaday.com/2019/10/16/pack-yo ... e/#content
... it's all in one place with you. This brings security and portability benefits.

The hackers and system invaders will love it.
We have a well tested system in place.
There is no problem that needs fixing.
By definition "it isn't broken" and yet "they are going to fix it".
What that means is that you could keep the home directory for example on a USB stick or external disk, and seamlessly move it between, say, your workstation at home and your laptop whenever you’re on the move.

Wow, almost like a multisession compact disc!
True freedom is a live Puppy on a multisession CD/DVD.
- Posts: 721
- Joined: Sat 31 Mar 2018, 08:01
- Location: Rakaia
- Contact:
It's yet another case of "Let's break what is not broken". Also continually moving the goalposts so what we know becomes worthless and needs to be discarded, and the newest introductions need yet another certification course of full-on expensive (including in terms of wasted lifetime) studies.
Or, if someone doesn't have control over something, then they endeavour to change the something so they then have the control over it and the people using it.
That's very different from adding an optional new feature (via perhaps forking) whilst keeping 100% backwards compatibility so users are free to choose whether to adopt the new version/feature if they so choose, with no harm done whatsoever to the overall existing knowledge-base and underlying infrastructure.
WeeDogLinux forum: https://weedoglinux.rockedge.org/viewforum.php?f=4
Tiny Linux Blog: https://www.tinylinux.info/
Check Firmware: http://murga-linux.com/puppy/viewtopic.php?p=1022797
Just another (not so bright) idea from the creator of pulseaudio and systemD.
( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb: http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256
echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh (https://hashbang.sh)
rufwoof wrote:
Just another (not so bright) idea from the creator of pulseaudio and systemD.

I wish they had stuck to pulseaudio - I could accept that as an (optional) layer above alsa. Actually I could have accepted systemd simply as an alternative init were it not for the fact that it is also invasive (like an out-of-control weed that smothers everything else). Thank goodness for eudev.
wiak
WeeDogLinux forum: https://weedoglinux.rockedge.org/viewforum.php?f=4
Tiny Linux Blog: https://www.tinylinux.info/
Check Firmware: http://murga-linux.com/puppy/viewtopic.php?p=1022797