Systemd-homed: Systemd Now Working To Improve Home Directory Handling (phoronix.com)

Freshly Exhumed shares a report from Phoronix, detailing a new set of systemd capabilities shown off by lead developer Lennart Poettering at the annual All Systems Go conference: Improving the Linux handling of user home directories is the next ambition for systemd. Among the goals are allowing more easily migratable home directories, ensuring all data for users is self-contained to the home directories, UID assignments being handled by the local system, unified user password and encryption key handling, better data encryption handling in general, and other modernization efforts. Among the items being explored by systemd-homed are JSON-based user records, encrypted LUKS home directories in loop-back files, and other next-gen features for offering secure yet portable home directories. Systemd-homed is currently being developed in Lennart's Git tree but hopes to see it merged for either systemd 244 (the current cycle) or systemd 245.
  • Container homedir (Score:5, Insightful)

    by andydread ( 758754 ) on Friday September 20, 2019 @09:19PM (#59218786)
    Not a fan of systemd, but encrypted portable home directories as a kind of container? I'll take it.
    • I, for one, welcome our containerized home directory management overlords.

      Seriously. I like the idea of an encrypted container downloadable to whatever distros I set up. Would take a lot of the pain out of alias management at a minimum. Not sure of the pros/cons against the LUKS loopback file, though, other than that container encryption is optional.

      That slide deck was painful, though. Slow reveal by building one slide over multiple slides is a bad way to do it.

    • by jythie ( 914043 ) on Friday September 20, 2019 @11:45PM (#59219052)
      I think a lot of the individual features systemd contains are useful; it is the Borg-like takeover and corruption of so much of the system that tends to annoy people.
      • Re:Container homedir (Score:5, Interesting)

        by Anrego ( 830717 ) on Saturday September 21, 2019 @01:05AM (#59219208)

        This is my stance almost entirely.

        I think the idea of a solid well integrated stack of stuff most linux installs are going to need isn't at all bad. A lot of the existing tools, while proven and mature, are also showing their age and the pile of glue required to hold everything together is getting ugly.

        The way it is working towards becoming the only option and anyone trying to use anything else is a second class citizen is what pissed me off. It creates a culture where people are discouraged from trying to do their own thing, because "everyone just uses x" and makes it hard to just replace the one part of your system you personally care about. This to me is going to stifle any innovation that might happen in an environment where everyone was free and encouraged to reinvent whatever wheels in whatever way they felt like.

    • What exactly do you expect to be able to gain from that? Some kind of backup system?
      • Re: (Score:2, Troll)

        It sounds cool. For the cool kids. Way cool. Gee whiz wallakers, oh so cool. The latest fad in new fads.

        There never was any problem which this abortion will solve. Like blockchain, it is a solution in search of a problem. And the cool new cool buzzword of the day for the cool kids. And it is written in Rust, so like double cool! And it has blockchain, so it has three really cool newfangled things for the cool kids to be all "ya like so cool" about.

    • What of that is new? (Score:4, Interesting)

      by BAReFO0t ( 6240524 ) on Saturday September 21, 2019 @09:26AM (#59219938)

      My PC's home directory has been synced to my home server and laptop (and backups), and accessible from my phone, for a decade now.

      Encrypting home directories is a standard feature of every Linux distribution, and trivial to set up nowadays. (Although pointless, when you can still alter the OS to spy on you after you decrypted it to use it.)

      And home directories are "containers" by definition. (No write rights outside the directory, except places that can and will be deleted at any time. No read rights to other users' private areas, unless allowed.)
      The rest is the kernel's job. E.g. using a RBAC solution.

      Looks like more half-assed and cancer-injected NIH from the world's most arrogant case of the Dunning-Kruger effect.

      Just make/ruin your own OS already! And leave actual Linux and actual professionals alone!

  • by Anonymous Coward on Friday September 20, 2019 @09:20PM (#59218790)
    Improving the Linux handling of user home directories is the next abortion for systemd
  • by theskipper ( 461997 ) on Friday September 20, 2019 @09:21PM (#59218792)

    Just this morning I was pondering why my .bashrc file wasn't binary gibberish. Hopefully this fixes it!

  • portable ??? (Score:5, Insightful)

    by jmccue ( 834797 ) on Friday September 20, 2019 @09:27PM (#59218800) Homepage

    other next-gen features to offering secure yet portable home directories.

    Portable to where? Certainly not portable to non-systemd systems. This seems to be a complete redefinition of the meaning of the word "portable".

    • by fahrbot-bot ( 874524 ) on Friday September 20, 2019 @09:41PM (#59218832)

      other next-gen features to offering secure yet portable home directories.

      Portable to where? Certainly not portable to non-systemd systems. This seems to be a complete redefinition of the meaning of the word "portable".

      I think he meant "potable" -- for those who like Kool-Aid.

    • At this point, the number of major distros not supporting systemd is rather small and continuing to decline. Slackware, perhaps? But RHEL/CentOS, Debian, Ubuntu, Fedora, Mint, and Arch all use systemd by default. For those choosing non-systemd platforms, the existing architectures should work just fine.

      • FUD. Gentoo, Funtoo, Arch? All support OpenRC or sysv init as first-class install options. The branch of Linux that supports whatever was supposedly 'essential' from systemd, without the hard dependency infection, is growing back.

        It'll take more time but like a tree stump with healthy roots it will grow back if enough people want it -- and they do.

        • Re: portable ??? (Score:5, Insightful)

          by PrimaryConsult ( 1546585 ) on Friday September 20, 2019 @10:47PM (#59218920)

          Also the non-Linux: BSD, Solaris, AIX... no systemd option at all.

          Right now a home directory served off an NFS share will work for all those as well as Linux (provided you do a small amount of tinkering). That's pretty portable. I'll admit the encryption is a big value-add...

          • Re: portable ??? (Score:4, Insightful)

            by gweihir ( 88907 ) on Saturday September 21, 2019 @12:27AM (#59219138)

            Home-dir encryption is mostly worthless, except in laptops and data-centers. It only protects data that is not accessed, i.e. the user is not logged in. The scenario for that is basically your disks being stolen. If somebody hacks your machine, they can just wait until you log in and then get all your data.

        • You could probably hack around systemd in Arch, but it's definitely not first class. That said, you can do many things (like networking / DNS / etc) without systemd, but it's still required for init.

      • by bobby ( 109046 )

        Alpine!

        https://alpinelinux.org/ [alpinelinux.org]

        https://distrowatch.com/table.php?distribution=alpine [distrowatch.com]

        Yes, it starts with busybox but you can install any/all real packages in place of the busybox versions.

    • by Cyberax ( 705495 )
      Portable between computers. You can put your home directory on a USB stick, plug it in and it'll work. And nothing makes them unportable to non-systemd systems - directories are still directories.
      • Re:portable ??? (Score:5, Interesting)

        by HiThere ( 15173 ) <charleshixsn.earthlink@net> on Friday September 20, 2019 @10:06PM (#59218882)

        I've been able to do that for decades. So he's got to mean something else, and probably unpleasant.

        • by gweihir ( 88907 )

          Same here. Linux home-directories are "portable" as they are.

        • What it probably means is using some sort of key to identify the user, instead of just a numeric user id. That would have lots of uses, especially combined with encryption.

          Mountable filesystems won't be going away, so it is just a use case enabled.

    • Aren't they already portable? I think they have been portable for decades.

      • by q_e_t ( 5104099 )
        Yes, and no. If you have retired's UID set to 1000 on your system and I have qet set to 1000 on mine your home directory isn't instantly portable to my system and vice versa. This has been an issue for shared systems that may wish to support ephemeral users without needing to chown and chmod things in both directions (which may be time consuming) for decades. You could containerise, but you still may wish to share data and have it moderately securely encapsulated without encryption, so containerisation isn'
  • More JSON misuse (Score:5, Interesting)

    by Lije Baley ( 88936 ) on Friday September 20, 2019 @09:32PM (#59218812)

    Why?

  • by Livius ( 318358 ) on Friday September 20, 2019 @09:34PM (#59218814)

    I'm sure there are interesting and creative ideas out there for home directories, but this sounds a lot like fixing something that isn't broken. Which is often a sign of someone (or some project) with no clue what they are doing.

    • Re:Improve? (Score:5, Interesting)

      by Cyberax ( 705495 ) on Friday September 20, 2019 @09:36PM (#59218822)
      Home directories have been "broken" since forever. Try using NFS-mounted directories on a shared computer and you'll see it.

      It's fixable, but always requires custom configuration. The new homed will automate it.
      • Got on a system that used NFS-mounted home directories for portability across multiple systems. That was...interesting.

        And then they screwed up NFS permissions and a lot of stuff became visible that wasn't supposed to be.

        • by MrKaos ( 858439 )

          Got on a system that used NFS-mounted home directories for portability across multiple systems. That was...interesting.

          And then they screwed up NFS permissions and a lot of stuff became visible that wasn't supposed to be.

          Seems like they understood ownership, but not groups.

      • Re:Improve? (Score:5, Informative)

        by Anrego ( 830717 ) on Friday September 20, 2019 @10:01PM (#59218868)

        Agree. Actually trying to be open minded about this one. A lot of the problems brought up (from what I could muscle through of that slide deck) are things I've complained about for years. In a world where having multiple devices and shared file systems is very much the norm, Linux feels like it's in the dark ages. I said it below already, but it's crazy to me that I can't, for instance, have Firefox open on my laptop and desktop at the same time on a mounted home directory without resorting to separate profiles.

        When it comes to security, NFS has two security modes: Swiss-cheese UID-based, and secure but super complicated and fragile Kerberos-based. We need a middle ground for home users that mostly just works with minimal setup.

        I'll admit to some NIH kneejerk, especially around the encryption stuff, but that is largely because I've rolled my own over the years, which is largely because a good out-of-the-box solution still doesn't really exist. All the tools are there, but gluing them together is still harder than it ought to be. I'd welcome something that does a good job at just making this stuff work in some kind of sane manner.

        • by jythie ( 914043 )
          See, now if someone was simply developing an NFS replacement that handled things better then it would probably get a lot less blowback... though does anyone actually use NFS anymore? Last time I implemented shared home directories it was using OpenCloud which did pretty much what you describe.
          • by Anrego ( 830717 )

            OpenCloud?

            Actually asking. Quick google search turned up nothing that seemed related.

            I've spent a fair bit of time trying to accomplish the use case of:

            - Live shared file system (actually shared, not synced dropbox style).
            - Encrypted
            - Reasonable performance
            - Ideally centralized identity, though could live without this

            I've yet to find anything that ticks all those boxes besides kerberos+ldap+nfs. I'm definitely interested if something actually exists or is on the verge of existing.

            • by jythie ( 914043 )
              oops, 'ownCloud', not openCloud. Not terribly awake.

              It probably will not work well for you if you already haven't had luck with a Dropbox-style setup, since it does something similar. But it did mean we had one server with the shared home area and other machines mounted it like NFS. It worked for us, but our use case might have simply worked well with it. No one was, for instance, running Firefox with it.
              • by Anrego ( 830717 )

                Ah, yeah that makes more sense.

                I've looked into owncloud for other uses, but yeah, it doesn't really give me what I want as far as shared directories.

          • by Cyberax ( 705495 )
            I've been using NFS back when I was working with molecular biology. I was mounting the home folder from the central NFS server that was also mounted on all compute nodes. So it automatically meant that all the compute nodes got the most recent code, with compute tasks being simple shell invocations. It worked OK, but setting up everything to work correctly without UID conflicts was a PITA.

            These days people just use Docker.
          • by theCoder ( 23772 )

            Yes, NFS is used quite a lot. My employer uses it to have shared home (and application and program) mount points between all the computes on the Linux network. There are thousands of users and machines on the network. LDAP is used for authentication and user management. I have a similar setup at home, though obviously with quite a few fewer machines and users :)

            The biggest problem is that it is difficult if not impossible to have a laptop in this situation. The machines all like to be online all the ti

      • Don't use NFS, it's broken and has been forever.
        Just designate a shared subdir within your homedir, sshfs-mount that wherever (or use Nextcloud/sync tool of choice there) and Bob's yer uncle.

        • Have you ever tried running Chrome on a computer with a shared home directory, no matter if it's replicated or stored on a server? I have... it's... bad.
        • That doesn't work if you want to run a computer lab and have everyone's home directory exported to every computer in the lab. That used to work, I don't know when (or if) it ever stopped.
    • Re:Improve? (Score:4, Insightful)

      by fahrbot-bot ( 874524 ) on Friday September 20, 2019 @09:42PM (#59218840)

      ... but this sounds a lot like fixing something that isn't broken.

      Can't that be said about many (most?) of the systemd modules?

      • Re: (Score:3, Insightful)

        by gweihir ( 88907 )

        It can and with more than just a bit of justification. Systemd created problems, it does not solve them.

        • "Systemd created problems, it does not solve them." - that probably says more about your abilities than reality as most of the major distros etc use systemd quite successfully
  • No json (Score:4, Insightful)

    by enigma32 ( 128601 ) on Friday September 20, 2019 @09:35PM (#59218818)

    I don't really see what's broken for the vast majority of users about most of those things.

    And please dear god no JSON. It is quite possibly the worst possible format for configuration information.
    At least use YAML if we must do something so silly.

    But really, can these people just stop fixing things that aren't broken?

    • Could be worse. Could be XML. At least JSON is (mostly) reasonably readable.

      • Re:No json (Score:5, Insightful)

        by Lije Baley ( 88936 ) on Friday September 20, 2019 @10:15PM (#59218890)

        You've obviously never misplaced a comma in your life. Lucky you.

      • There's no reason to have executable .bashrc files. We can make it declarative.
        • by theCoder ( 23772 )

          I hope that's sarcasm. My ~/.bashrc executes a lot of things, especially at work where I have more going on. It uses 'bind' to modify the shell configuration. It interrogates the system to see if it is an interactive shell or just running a command, or if it is local or remote. It checks for the existence of files before doing things. It might execute ClearCase commands (at work) to ensure that views and VOBs are started. It runs 'fortune' to give me a nice joke on each new shell.

          Arguably, most things

      • by q_e_t ( 5104099 )
        XML would be better, not worse.
    • by Anrego ( 830717 )

      Solution seems overkill, but there is some truth in some of the problems.
      I like mounted home directories, but a lot of programs (ex: firefox) can't handle being opened at the same time from multiple machines, and for a lot of things (ex: window managers) you'd want the same basic configuration but tuned on a machine by machine basis. Now these problems should be handled at the program level, but I'd welcome a kind of cleaner unionfs type deal where bits and pieces of your home directory are machine specific

    • by reanjr ( 588767 )

      The worst? Really? Worse than XML? Worse than the Windows Registry?

  • by oldgraybeard ( 2939809 ) on Friday September 20, 2019 @09:40PM (#59218830)
    absorbing our World into his personal Systemd Overlord empire.

    Glitch once take everything down.

    Just my 2 cents ;)
  • folders. I don't leave anything in it. It is just a place for my temporary in-process work.

    Just my 2 cents ;)
    • by Anrego ( 830717 )

      I have my home directories local and basically symlink out anything I want shared across machines. A bit of a pain, but its been my workaround for some time and I've gotten used to it.
      I love the idea of just having my home directory on an nfs mount, but it (still) causes way too many problems.

  • by fahrbot-bot ( 874524 ) on Friday September 20, 2019 @09:46PM (#59218852)

    Can we all agree to give Lennart, say, $5 each every year with the condition that he never develops software again.

  • by Don Bright ( 6038350 ) on Friday September 20, 2019 @10:06PM (#59218880)
    My conclusion is that basically, Lennart views the diversity of the open source world as a problem, whereas I view diversity as a strength. These philosophies are fundamentally at odds with each other and it is very difficult to find common ground. We are losing species to extinction. We are losing human languages to extinction. We are losing human cultures to extinction. We are losing things that we need to survive long term as a species. Witness the failure of monocultures like the Banana plant and the frantic helplessness of the decision makers what to do in a crisis? More operating system diversity is a sign of a healthy operating system ecosystem. That is my opinion. I think this is why I don't like systemd.
    • by Anonymous Coward on Friday September 20, 2019 @11:20PM (#59218976)

      It has always been a tricky balance. Having more than one way of doing things is great, but it does make things more complex and often less usable and reliable. A good well integrated all-in-one solution is going to have a much better chance of being usable and reliable, but at the expense of flexibility and as you said, diversity. There is a lot of value in having a bunch of disparate groups all coming up with their own ways to accomplish the same thing, but trying to glue all that together into a cohesive system for regular users is difficult.
      I'm actually not as opposed as I once was to a big all encompassing stack of services that is designed to work well together. I'm not saying systemd is that in practice, but the concept at least is valid.
      What would be really nice is if multiple people were also trying to achieve that same goal in different ways. Right now your options are basically to glue together a bunch of semi-compatible tools with piles of shell scripts like we've always done, or go with systemd.

      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday September 21, 2019 @07:10AM (#59219624) Homepage Journal

        "Right now your options are basically to glue together a bunch of semi-compatible tools with piles of shell scripts like we've always done, or go with systemd."

        Shell scripting is a CENTRAL UNIX FEATURE. Some people don't seem to understand that is a big deal. When Unix was invented, literally none of the stuff that characterizes it was common place. Flat files, everything's a file, unstructured file access, shell scripting, self hosting... All of that was unusual.

        When people complain that their Unix system is built out of shell scripts, what they're doing is proving that they don't understand Unix.

        When people laud systemd for unifying the various parts of Linux, they're proving it all over again. Systemd does nothing we couldn't do before, it doesn't make the system simpler, and it makes Linux less unixlike by failing to conform to the most basic law of Unix programs: do one thing, do it well, and do it interoperably. It's an attempt to make Linux into windows in spite of the fact that this is not a desirable outcome.

        People who don't understand Unix and don't have the competence to reimplement it even poorly apparently have to settle for fucking it up for everyone else.

    • by Kjella ( 173770 ) on Saturday September 21, 2019 @03:51AM (#59219370) Homepage

      I like diversity in general, but not in the base definitions/environment/infrastructure. Like do we drive on the left or right side of the road, do we read from left to right or right to left, do we use metric or imperial units, what shape is the electric plug and so on. The equivalent in computers are things like little or big endian, line endings, path delimiters, how do we do basic I/O and such. For the most part I try to use languages/libraries that abstract away the differences, not just between Linux distributions but between Win/Mac/Linux altogether and between different hardware and types of configurations. Like 99.999% of the time I don't care if the input comes from a PS/2 or USB or Bluetooth keyboard but the system obviously has to deal with it somehow. So far, I doubt I've said anything controversial.

      You might say the answer is standards and libraries. But not everything can be solved by each application doing their own thing, for example audio. I'm not talking about Pulseaudio, I'm talking about OSS, ALSA, ESD, Jack etc. that existed before that to negotiate and mix sound between applications and hardware. Linux has many of them like timed, bluetoothd, inetd, crond that are all effectively mini-monopolies in their little corner. For that matter you can include X, almost everything that wants to draw to the screen talks one protocol with Wayland trying to make a do-over. Same with the file systems and the three-level, three type permissions (user/group/other with read/write/execute), the file system structure and the other foundations everything else rests on.

      Part of me absolutely wants to throw all that micromanagement out the window and say have one "system environment version" that defines all the available services and their minimum versions. I guess it's something like Linux Standard Base, except it really never took off. Like it's the applications that are supposed to be diverse, not a dozen ways to play sound. The other part of me is worried that in that big grab bag some of the services will be lacking in features or rotten in quality but become the de facto standard simply by being part of the systemd family. But it is possible to work within one project and make it work well if you have the right person on top - after all the Linux kernel works that way not through competing forks. It's just that Lennart Poettering is no Linus Torvalds...

  • by rnturn ( 11092 ) on Friday September 20, 2019 @11:17PM (#59218966)

    Once I get good information about how easy/hard it is to run KDE on either of those, I'll be planning my migration off of systemd-based distributions. Enough is enough. I'm sick and tired of Poettering's bizarre Windows-inspired changes to Linux.

  • by gweihir ( 88907 ) on Friday September 20, 2019 @11:25PM (#59218996)

    The major contribution of systemd, that nobody with a clue wants.

  • They don't use systemd in their WSL or WSL2 Linux builds.

    It seems they aren't fans of it either.

  • by anarcobra ( 1551067 ) on Saturday September 21, 2019 @04:03AM (#59219402)
    But after reading the actual slide deck it seems like a fairly reasonable proposal.
    My main concern was how to prevent a random usb key with one of these home directories on it from letting anyone log in,
    but he addresses that with signed user credentials.
    How will that work in practice though if you want to change something? Do you have to send it to the server to get signed?
    What if I want wheel but only on my personal machine, not on every PC in the lab?
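    The "random USB key" concern above, and the JSON-based, signed user records mentioned in the summary, come down to one mechanism: a host only activates a record whose signature verifies under a key that host already trusts, so the record can travel on removable media while the identity it asserts cannot be forged or edited in transit. The program below is an added illustration of that check, not systemd-homed's code and not its record schema. It assumes a deliberately simplified, hypothetical record (`userName`, `memberOf`, `signature`) signed with Ed25519, a constructed "lab" issuer key that the host trusts, and a constructed "stranger" key it does not. It also answers the "what if I add wheel" question in code: the edited record still carries the lab's signature, but the signature no longer covers the bytes on disk, so the host rejects it until the issuer re-signs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
)

// HomeRecord is a simplified, hypothetical user record used for this example.
// It is NOT the systemd-homed JSON schema; it carries only what is needed to
// show how a signature binds a portable record to a trusted issuer.
type HomeRecord struct {
	UserName  string     `json:"userName"`
	MemberOf  []string   `json:"memberOf"`
	Signature *Signature `json:"signature,omitempty"`
}

// Signature: hex Ed25519 public key of the issuer and hex signature over the
// canonical record body.
type Signature struct {
	Key  string `json:"key"`
	Data string `json:"data"`
}

// canonical returns the bytes that get signed: the record without its
// signature, with groups sorted so reordering cannot change the bytes.
// encoding/json emits struct fields in declaration order with no whitespace,
// which is deterministic for this struct.
func canonical(r HomeRecord) []byte {
	r.Signature = nil
	groups := append([]string(nil), r.MemberOf...)
	sort.Strings(groups)
	r.MemberOf = groups
	b, _ := json.Marshal(r) // cannot fail for this plain struct
	return b
}

// Sign is what the issuing host (e.g. the lab server) does to a record.
func Sign(r HomeRecord, priv ed25519.PrivateKey) HomeRecord {
	sig := ed25519.Sign(priv, canonical(r))
	pub := priv.Public().(ed25519.PublicKey)
	r.Signature = &Signature{Key: hex.EncodeToString(pub), Data: hex.EncodeToString(sig)}
	return r
}

// Verify is what a host does before activating a record found on removable
// media. Unsigned, untrusted-signer and edited-after-signing records all fail.
func Verify(raw []byte, trusted []ed25519.PublicKey) (HomeRecord, error) {
	var r HomeRecord
	if err := json.Unmarshal(raw, &r); err != nil {
		return r, fmt.Errorf("malformed record: %w", err)
	}
	if r.Signature == nil {
		return r, fmt.Errorf("record for %q is unsigned", r.UserName)
	}
	key, err := hex.DecodeString(r.Signature.Key)
	if err != nil || len(key) != ed25519.PublicKeySize {
		return r, fmt.Errorf("record for %q: bad signer key", r.UserName)
	}
	sig, err := hex.DecodeString(r.Signature.Data)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return r, fmt.Errorf("record for %q: bad signature encoding", r.UserName)
	}
	for _, t := range trusted {
		if !t.Equal(ed25519.PublicKey(key)) {
			continue
		}
		if ed25519.Verify(t, canonical(r), sig) {
			return r, nil
		}
		return r, fmt.Errorf("record for %q was modified after signing", r.UserName)
	}
	return r, fmt.Errorf("record for %q is signed by a key this host does not trust", r.UserName)
}

// Demo runs the three cases from the discussion with constructed keys and
// returns the accepted user names and the reason for each rejection.
func Demo() (accepted, rejected []string, err error) {
	labPub, labPriv, err := ed25519.GenerateKey(rand.Reader) // constructed lab issuer key
	if err != nil {
		return nil, nil, err
	}
	_, strangerPriv, err := ed25519.GenerateKey(rand.Reader) // constructed key on a random stick
	if err != nil {
		return nil, nil, err
	}
	trusted := []ed25519.PublicKey{labPub} // what this host is configured to trust

	good := Sign(HomeRecord{UserName: "qet", MemberOf: []string{"users"}}, labPriv)
	tampered := good // user added wheel on the stick after the lab signed it
	tampered.MemberOf = append([]string{"wheel"}, good.MemberOf...)
	stranger := Sign(HomeRecord{UserName: "mallory", MemberOf: []string{"wheel"}}, strangerPriv)

	for _, r := range []HomeRecord{good, tampered, stranger} {
		raw, _ := json.Marshal(r)
		if _, verr := Verify(raw, trusted); verr == nil {
			accepted = append(accepted, r.UserName)
		} else {
			rejected = append(rejected, verr.Error())
		}
	}
	return accepted, rejected, nil
}

func main() {
	acc, rej, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", acc, "rejected:", rej)
}
```

    The design choice worth noting is that the host checks the signer's key against its own trust list before it even looks at the signature; a record that is "validly" self-signed by an unknown key is rejected for that reason alone. The per-machine question (wheel on one box but not the lab) is not solved by the signature itself; it needs either a separate record per host or a local, host-owned override layered on top of the signed record, and the signature guarantees only that the issuer's part has not been altered.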
  • *sits back* *grabs popcorn*

  • by flyingfsck ( 986395 ) on Saturday September 21, 2019 @06:32AM (#59219574)
    One day when OpenBSD and Slackware use Systemd, then I'll just have to quit using computers and put a new battery in my abacus...
