Systemd will change how your Linux home directory works


The team behind systemd wants you to adopt a new way of managing your home directories. Calling it a “new way” is putting it lightly: this is a true paradigm shift for Linux. Here is everything you need to know about systemd-homed, which is probably coming to a Linux distribution near you.

No stranger to controversy

When systemd was introduced in 2010, the Linux community was divided into three camps. Some thought it was an improvement, and some thought it was a flawed design that did not adhere to the Unix philosophy. And some didn’t care one way or another.

The reaction of the opponents was strong, heated and, in some cases, almost fanatical. Lennart Poettering, a software engineer at Red Hat and co-developer of systemd, even received death threats.

Songs advocating violence towards Poettering were posted on YouTube, and websites appeared attempting to force Linux users to boycott systemd. His co-developer, Kay Sievers, also received criticism and abuse, but Poettering certainly got the worst of it.

However, within eight months, Fedora was using systemd. By the end of 2013, Arch, Debian, Manjaro, and Ubuntu had all moved to systemd. Of course, the glory of open source is that if you don’t like something, you can fork the source code and do your own thing with it. New distributions, such as Devuan, which was a fork of Debian, were created solely to avoid using systemd.


Your $HOME directory

In the Linux directory structure, everything of yours resides under the “/home” directory. Your data files, pictures, music and the entire personal directory tree are stored there, in a directory named after your user account.

Your application settings are stored in your home folder in hidden “dot directories”. If the first character of a file or directory name is a period (.), it is hidden. Because these settings are stored locally and not in a central registry, and because a backup of your home directory includes these hidden files and folders, all of your settings are backed up as well.

When you restore a backup and start an application, such as LibreOffice or Thunderbird, it looks for its hidden directory. It also looks for your document preferences, toolbar settings, and any other customizations. Thunderbird finds your email account information and your email. You don’t have to go through the pain of slowly setting up each app.

You can use ls with the -a (all) option to view hidden files and directories. First, type the following:

ls

This shows you the usual files and directories. Then type the following:

ls -a

Now, you can see the hidden files and directories.

Because it is the most valuable part of an installation, it is common for the “/home” directory to be mounted on its own partition or on a separate hard drive. This way, if something catastrophic happens to the operating system or the partition it is on, you can reinstall your Linux distribution or switch to a new one. Then you can simply remount your existing home partition to “/home”.


Data about you

Your personal directory doesn’t just store your data; it also stores information about you, including some attributes of your digital identity. For example, your “.ssh” directory stores information about the remote connections you have made with other computers and the SSH keys you have generated.

Other system attributes, such as the username, password, and unique user ID for your account, are stored elsewhere in files such as “/etc/passwd” and “/etc/shadow”. Some of these can be read by anyone, but others can only be read by people with root privileges.

This is what the contents of the “/etc/passwd” file look like:

cat /etc/passwd


The systemd-homed changes

The intention of the systemd-homed changes is to provide a fully portable home directory with your data and your Linux digital identity stored in it. Your UID and all other identification and authentication mechanisms will be stored only within your personal directory.

Due to its “all eggs in one basket” design, home directories are encrypted. They are automatically decrypted each time you log in and re-encrypted each time you log out. The preferred method is to use Linux Unified Key Setup (LUKS) disk encryption. However, there are other schemes available, such as fscrypt.

A JavaScript Object Notation (JSON) user record stores all your identity information in a directory called “~/.identity”. It is cryptographically signed with a key that is beyond your control.

Each person’s home directory is mounted on a loopback device, similar to the way snap applications are mounted. This is so that the directory tree within the home directory appears as an integrated part of the operating system directory tree. The default mount point is “/home/$USER.homedir” (“$USER” is replaced by the person’s account name).

What are the benefits?

Because your home directory becomes a safe encapsulation of all your data, you could even have your home directory on a removable device. For example, you can use a USB drive to move it between work and home machines, or any other systemd-homed computer.

This is what Poettering meant by “a completely portable personal directory”. He said that even if you don’t want to move your home directory on a portable device, this will make upgrades and migrations easier and increase security.

It removes what he calls “companion databases,” which contain bits of important information about you that Poettering thinks should be centralized. The files “/etc/passwd” and “/etc/shadow” contain authentication information and hashed passwords. However, they also contain information such as your default shell and the General Electric Comprehensive Operating Supervisor (GECOS) field.

Poettering said this metadata should be streamlined and stored in meaningful groups within each person’s JSON record in their home directory.

Manage your new $HOME

The systemd-homed service is controlled through the new homectl command-line tool.

There are options to create users and home directories and set storage limits for each user. You can also set the password, lock someone out of their account, or delete an account entirely. Users can be inspected and their JSON user records can also be read.

Time zones and other location-based information can also be configured for each user. You can specify the default shell and even set environment variables to be in a certain state every time someone logs on.

If you look in the “/home” directory, you will see systemd-homed managed entries that look like the following, with “.homedir” appended to the username:

/home/dave.homedir

Remember, this is just a mount point. The location of the actual encrypted home directory is elsewhere.

Limitations and problems

systemd-homed is only for use with human user accounts. It cannot handle user accounts with a UID of less than 1000. In other words, root, daemon, bin, etc. cannot be managed with the new scheme. There will always be a need for standard ways of managing users. Therefore, systemd-homed is not a global solution.

There is a known catch-22 that needs to be resolved. As we mentioned earlier, a person’s home directory is decrypted every time they log in. But if someone remotely accesses the computer via SSH, the SSH keys cannot be referenced in the home directory because the home directory is still encrypted until that person logs in. Of course, SSH keys are needed to authenticate before you can log in.

This was a problem recognized by the systemd-homed team, but we couldn’t find any reference to a solution for this. We are sure that they will find a solution; it would be a spectacular failure if they didn’t.
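As an added illustration (not from the original article), the following shell script classifies accounts from passwd-format lines by the UID floor stated above and breaks out the shell, GECOS and password fields discussed earlier. The sample lines are constructed, the function names are hypothetical, and treating a nologin or false shell as a service account is an assumption of the example.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format:
#   name:password:UID:GID:GECOS:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
dave:x:1000:1000:Dave Example,Room 12,555-0100,:/home/dave:/bin/bash
legacy:$6$constructed$notarealhash:1001:1001:Legacy User:/home/legacy:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# classify_accounts: read passwd lines on stdin and print, per account,
#   name|class|full name|shell|hash-in-passwd (yes/no)
classify_accounts() {
    awk -F: '
    {
        # Rule from the text: UIDs below 1000 are not human accounts.
        cls = ($3 < 1000) ? "system" : "human"
        # Assumption of this example: a nologin/false shell marks a
        # service account even at UID 1000 or above (e.g. nobody).
        if ($7 ~ /(nologin|false)$/) cls = "system"
        # GECOS is comma-separated; the first subfield is the full name.
        split($5, gecos, ",")
        # "x" points at root-only /etc/shadow, "*" and "!" mean no usable
        # password; anything else is a hash in the world-readable file.
        exposed = ($2 == "x" || $2 == "*" || $2 ~ /^!/) ? "no" : "yes"
        printf "%s|%s|%s|%s|%s\n", $1, cls, gecos[1], $7, exposed
    }'
}

sample_passwd | classify_accounts
```

To run it against a real system, pipe `/etc/passwd` into `classify_accounts` instead of the sample.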

Let’s say someone transports their home directory to a new machine. If someone else is already using the UID on the new machine, a new UID will be assigned automatically. Of course, all your files will need to have their ownership reassigned to the new UID.

Currently, this is handled by an automatic and recursive application of the chown -R command. This will likely be handled differently in the future when a more elegant scheme is developed. This heavy-handed approach does not take into account daemons and processes that run as other users.
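The following check is an added example, not part of the original article or of systemd: before a home directory is moved to another machine, it reports whether the UID is already taken there and which files in the tree belong to a different owner and would be overwritten by a recursive chown. The function names are hypothetical and the demo data is constructed in a temporary directory.

```shell
#!/bin/sh
# uid_in_use PASSWD_FILE UID: succeed if UID is already assigned.
uid_in_use() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# foreign_owned DIR UID: list everything under DIR not owned by UID.
# A recursive chown would hand all of these to the new UID.
foreign_owned() {
    find "$1" ! -uid "$2" -print | sort
}

# premigrate_report PASSWD_FILE HOME_DIR HOME_UID
premigrate_report() {
    if uid_in_use "$1" "$3"; then
        echo "UID $3 is taken on this machine: expect reassignment and chown -R"
    else
        echo "UID $3 is free on this machine"
    fi
    foreign=$(foreign_owned "$2" "$3")
    if [ -n "$foreign" ]; then
        echo "Not owned by UID $3 (ownership would be overwritten):"
        echo "$foreign"
    fi
}

# Demo on constructed data: a temp tree owned by the current user and a
# one-line passwd file in which that user's UID is already assigned.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh" && touch "$demo/home/.ssh/authorized_keys"
printf 'dave:x:%s:1000:Dave:/home/dave:/bin/bash\n' "$(id -u)" > "$demo/passwd"
premigrate_report "$demo/passwd" "$demo/home" "$(id -u)"
rm -rf "$demo"
```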


When is this happening?

This is happening now. The code changes were shipped on January 20, 2020, and included in build 245 of systemd, which shipped with Ubuntu 20.04 in April 2020.

To check which version you have, type the following:

systemd --version

However, the homectl command is not present yet. Ubuntu 20.04 uses a traditional “/home” directory and does not use systemd-homed.

Of course, it is up to the individual distributions to decide when they will include and support systemd-homed and homectl.

Therefore, there is no need for anyone to go into pitchforks-and-torches mode. Because the standard methods for managing users and home directories will remain, we will all have options.
