[arch-general] How will Arch handle systemd 245 and homed?
All,

I just read the article about the major change coming to systemd 245 at:

https://www.techrepublic.com/article/linux-home-directory-management-is-about-to-undergo-major-change/?ftag=TRE475558a&bhid=12825460&mid=12819432&cid=712355268

What is terrifying is the SSH Problem. 9/10 hosts I interact with I do via ssh. And do we really need LUKS encrypted volumes for every user's $HOME directory? Sure for enterprise setups, etc., but will there be a way to simply keep a normal unencrypted /home? How would scripts be able to back up certain work locations from user directories if the user is logged out?

--
David C. Rankin, J.D.,P.E.

On 5/7/20 22:54, David C. Rankin wrote:
> All,
>
> I just read the article about the major change coming to systemd 245 at:
>
> What is terrifying is the SSH Problem. 9/10 hosts I interact with I do via ssh. And do we really need LUKS encrypted volumes for every user's $HOME directory? Sure for enterprise setups, etc., but will there be a way to simply keep a normal unencrypted /home? How would scripts be able to back up certain work locations from user directories if the user is logged out?

Systemd 245 is already released and is in Arch repos:
https://www.archlinux.org/packages/core/x86_64/systemd/

Arch already has an article on homed in the wiki that answers many of your questions:
https://wiki.archlinux.org/index.php/Systemd-homed

or the upstream docs:
https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html

Notably:

"However, you must **enable and start** the systemd-homed.service." (emphasis added)

"It achieves portability by moving all user-related information into a storage medium, **optionally encrypted**, and creating an ~/.identity file that contains signed information about the user - password, what groups they belong to, UID/GID and other information that would typically be scattered over multiple files in /." (emphasis added)

In short:
- It is already installed in your system, if it's up-to-date.

I'm assuming you did not notice any differences, right? That's because
- It's "opt-in" in the first place, and
- home directory encryption is *optional*, and
- it doesn't interfere with "traditional" (/etc/{passwd,group,shadow}) user databases.

There are a lot of systemd haters out there (still) that love to spread plenty of FUD or half-accuracies about systemd. Generally speaking, your best bet is to just simply explore the experience and documentation of a distro that implements systemd properly (like Arch) and ignore anything and everything you read in publications about it.

--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info

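Added example, not part of the original thread or of any poster's message: a small audit script for the backup question raised above, separating classic /etc/passwd accounts (whose homes stay on disk as before) from accounts managed by systemd-homed. The function names are hypothetical, the 1000-59999 UID range is an assumed "regular user" range, and it assumes homed's default state directory /var/lib/systemd/home with one <name>.identity record per managed user.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumptions: classic accounts live in a passwd-format file; systemd-homed
# keeps one host-side record per managed user as <name>.identity in its
# state directory (/var/lib/systemd/home on a default install).

# Print "classic <user> <home>" for regular accounts in a passwd-format file.
# The UID range 1000-59999 is an assumed "regular user" range.
classic_users() {
    awk -F: '$3 >= 1000 && $3 < 60000 { print "classic", $1, $6 }' "$1"
}

# Print "homed <user>" for every identity record in the homed state directory.
homed_users() {
    for rec in "$1"/*.identity; do
        [ -e "$rec" ] || continue      # glob did not match: no homed users
        name=${rec##*/}
        echo "homed ${name%.identity}"
    done
}

# Report whether the service is enabled/active; "unknown" without systemctl.
homed_service_state() {
    if command -v systemctl >/dev/null 2>&1; then
        echo "enabled=$(systemctl is-enabled systemd-homed.service 2>/dev/null || true)" \
             "active=$(systemctl is-active systemd-homed.service 2>/dev/null || true)"
    else
        echo "unknown"
    fi
}

audit() {  # audit [PASSWD_FILE] [HOMED_STATE_DIR]
    classic_users "${1:-/etc/passwd}"
    homed_users "${2:-/var/lib/systemd/home}"
}

# Constructed sample data so the script runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'david:x:1000:1000::/home/david:/bin/bash' > "$d/passwd"
    mkdir "$d/home" && : > "$d/home/alice.identity"
    audit "$d/passwd" "$d/home"
    rm -rf "$d"
}
demo
```

On a real host, run `audit` with no arguments and `homed_service_state` as root; an empty "homed" list with the service disabled means backup scripts see the same unencrypted /home as before.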
On 5/7/20 10:54 PM, David C. Rankin wrote:
> All,
>
> I just read the article about the major change coming to systemd 245 at:

This article is full of inaccuracies, and manages to be embarrassingly wrong about the release date, too. It was published April 29, but refers to systemd as "still being RC2 status" while linking to the RC2 from March 3, while the final release was 3 days later on March 6. 2 months later the article is published. Perhaps the author wrote the article months ago and didn't publish it on time, nor update it to match the real world?

> What is terrifying is the SSH Problem. 9/10 hosts I interact with I do via ssh. And do we really need LUKS encrypted volumes for every user's $HOME directory? Sure for enterprise setups, etc., but will there be a way to simply keep a normal unencrypted /home? How would scripts be able to back up certain work locations from user directories if the user is logged out?

You don't need it, systemd-homed is a solution to a problem that doesn't exist (I like many things about systemd, this isn't one of them).

Fortunately, it doesn't matter because it is fully optional. It's no different from providing home directories and user accounts via NFS and LDAP/Active Directory. And those didn't cause the standard type of user accounts to stop working, now did they?

--
Eli Schwartz
Bug Wrangler and Trusted User