[arch-general] How will Arch handle systemd 245 and homed?
brent s.
bts at square-r00t.net
Fri May 8 03:42:01 UTC 2020
On 5/7/20 22:54, David C. Rankin wrote:
> All,
>
> I just read the article about the major change coming to systemd 245 at:
>
> https://www.techrepublic.com/article/linux-home-directory-management-is-about-to-undergo-major-change/?ftag=TRE475558a&bhid=12825460&mid=12819432&cid=712355268
>
> What is terrifying is the SSH Problem. 9/10 hosts I interact with I do via
> ssh. And do we really need LUKS encrypted volumes for every user's $HOME
> directory? Sure for enterprise setups, etc.. but will there be a way to simply
> keep a normal unencrypted /home. How would scripts be able to backup certain
> work locations from user directories if the user is logged out?
>
Sytemd 245 is already released and is in Arch repos:
https://www.archlinux.org/packages/core/x86_64/systemd/
Arch already has an article on homed in the wiki that answers many of
your questions:
https://wiki.archlinux.org/index.php/Systemd-homed
or the upstream docs:
https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html
Notably:
"However, you must **enable and start** the systemd-homed.service."
(emphasis added)
"It achieves portability by moving all user-related information into a
storage medium, **optionally encrypted**, and creating an ~/.identity
file that contains signed information about the user - password, what
groups they belong to, UID/GID and other information that would
typically be scattered over multiple files in /." (emphasis added)
In short:
- It is already installed in your system, if it's up-to-date. I'm
assuming you did not notice any differences, right? That's because
- It's "opt-in" in the first place, and
- home directory encryption is *optional*, and
- it doesn't interfere with "traditional" (/etc/{passwd,group,shadow})
user databases.
There are a lot of systemd haters out there (still) that love to spread
plenty of FUD or half-accuracies about systemd. Generally speaking, your
best bet is to just simply explore the experience and documentation of a
distro that implements systemd properly (like Arch) and ignore anything
and everything you read in publications about it.
--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200507/7efadf96/attachment.sig>
More information about the arch-general
mailing list