On 5/7/20 22:54, David C. Rankin wrote:
All,
I just read the article about the major change coming to systemd 245 at:
What is terrifying is the SSH Problem. 9/10 hosts I interact with I do via ssh. And do we really need LUKS encrypted volumes for every user's $HOME directory? Sure, for enterprise setups, etc., but will there be a way to simply keep a normal unencrypted /home? How would scripts be able to back up certain work locations from user directories if the user is logged out?

Systemd 245 is already released and is in Arch repos:
https://www.archlinux.org/packages/core/x86_64/systemd/

Arch already has an article on homed in the wiki that answers many of your questions:
https://wiki.archlinux.org/index.php/Systemd-homed

or the upstream docs:
https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html

Notably:

"However, you must **enable and start** the systemd-homed.service."
(emphasis added)

"It achieves portability by moving all user-related information into a storage medium, **optionally encrypted**, and creating an ~/.identity file that contains signed information about the user - password, what groups they belong to, UID/GID and other information that would typically be scattered over multiple files in /."
(emphasis added)

In short:

- It is already installed in your system, if it's up-to-date.

I'm assuming you did not notice any differences, right? That's because

- It's "opt-in" in the first place, and
- home directory encryption is *optional*, and
- it doesn't interfere with "traditional" (/etc/{passwd,group,shadow}) user databases.

There are a lot of systemd haters out there (still) that love to spread plenty of FUD or half-accuracies about systemd. Generally speaking, your best bet is to just simply explore the experience and documentation of a distro that implements systemd properly (like Arch) and ignore anything and everything you read in publications about it.

--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info