The team behind systemd wants you to adopt a new way of managing home directories. To call it a “new way” is to put it lightly: it is a real paradigm shift for Linux. Here is everything you need to know about systemd-homed, which will likely arrive in a Linux distribution near you.
When systemd was introduced in 2010, the Linux community was divided into three camps. Some thought it was an improvement, others thought it was a flawed design that did not adhere to the Unix philosophy, and some people didn’t care one way or the other.
Songs of violence against Lennart Poettering, systemd’s lead developer, have been posted on YouTube, and websites have appeared that try to coerce Linux users into boycotting systemd. His co-developer, Kay Sievers, has also received criticism and abuse, but Poettering has certainly borne the brunt of it.
Nevertheless, within eight months Fedora was using systemd. By the end of 2013, Arch, Debian, Manjaro, and Ubuntu had all moved to systemd. Of course, the glory of open source is that if you don’t like something, you can fork the source code and do your own thing with it. New distributions, like Devuan, a fork of Debian, were created solely to avoid using systemd.
Your $HOME Directory
In the Linux directory structure, everything you do lives under the “/home” directory. Your data files, images, music, and the entire personal directory tree are stored in the directory there that is named after your user account.
Your application settings are stored in your home directory in hidden “dot directories”. If the first character of a file or directory name is a period (.), it is hidden. Because these settings are stored locally rather than in a central registry, and because a backup of your home directory includes these hidden files and directories, all of your settings are backed up too.
When you restore a backup and launch an application such as LibreOffice or Thunderbird, it looks for its hidden directory and finds your document preferences, toolbar settings, and any other customizations. Thunderbird finds your email account details and your email. You don’t have to go through the tedium of configuring each application again.
You can use ls with the -a (all) option to see hidden files and directories. First, enter the following:
ls
This shows you the usual files and directories. Then enter the following:
ls -a
Now you can see the hidden files and directories as well.
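The point of the two ls invocations above is that a plain listing hides the dot entries while a backup of the whole directory still captures them. The following shell script, added here as an example and not taken from the original article, builds a throwaway home directory with a constructed set of dotfiles, counts what a plain listing shows against what a hidden-aware listing shows, and then checks that a tar archive of the directory carries the hidden paths along. The directory names and file contents are invented for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): show that hidden "dot" entries
# are skipped by a plain `ls` but included by `ls -a`/`ls -A` and by a tar backup
# of the home directory. The sample home is constructed in a temporary location.

make_sample_home() {
    dir=$(mktemp -d)
    mkdir -p "$dir/Documents" "$dir/.config/libreoffice" "$dir/.thunderbird" "$dir/.ssh"
    printf 'quarterly report\n' > "$dir/Documents/report.txt"          # constructed
    printf 'toolbar=compact\n' > "$dir/.config/libreoffice/settings.xcu" # constructed
    printf 'account=mail.example\n' > "$dir/.thunderbird/profiles.ini"  # constructed
    chmod 700 "$dir/.ssh"
    printf '%s\n' "$dir"
}

# Entries a plain `ls` shows: everything without a leading dot.
count_visible() { ls "$1" | wc -l | tr -d ' '; }

# Hidden entries: `ls -A` lists dotfiles like `ls -a` but omits "." and "..",
# so the count is exact.
count_hidden() { ls -A "$1" | grep -c '^\.'; }

# Archive the whole home directory $1 into $2, then count the hidden paths
# (any path component starting with a dot) that ended up in the archive.
backup_home() {
    tar -C "$1" -cf "$2" .
    tar -tf "$2" | grep -c '/\.'
}

home=$(make_sample_home)
echo "visible entries: $(count_visible "$home")"   # Documents only
echo "hidden entries:  $(count_hidden "$home")"    # .config .thunderbird .ssh
echo "hidden paths in backup: $(backup_home "$home" "$home.tar")"
```

Run it as a normal user; it only touches the temporary directory it creates. The final count shows the three hidden directories plus the files inside them, which is exactly the material a restore relies on to bring application settings back.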
Since this is the most valuable part of an installation, it is common for the “/home” directory to be mounted on its own partition or on a separate hard drive. That way, if something catastrophic happens to the operating system or to the partition it is on, you can reinstall your Linux distribution or upgrade to a new one and then simply remount your existing home partition at “/home”.
Data about you
Your home directory does not only store your data; it also stores information about you, including certain attributes of your digital identity. For example, your “.ssh” directory holds information about the remote connections you have established with other computers and any SSH keys you have generated.
Other system attributes, such as your username, password, and unique account user ID, are stored elsewhere, in files such as “/etc/passwd” and “/etc/shadow”. The first of these can be read by anyone, but the second can only be read with root privileges.
Here is what the contents of the “/etc/passwd” file look like:
cat /etc/passwd
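To make the split between the two files concrete, here is a short shell script, added as an example and not part of the original article, that pulls individual fields out of passwd-style records (name, UID, GECOS, shell) and checks that a shadow file is not readable by "other". The passwd and shadow lines it works on are constructed samples written to temporary files; the shadow line uses a locked password marker rather than a real hash.

```shell
#!/bin/sh
# Added example (not from the original article): extract fields from passwd-style
# records and verify that a shadow file is not world-readable.
# Both sample files below are constructed, not copied from a real system.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash'

# A shadow record whose password field is "!" (locked) instead of a hash.
SAMPLE_SHADOW='alice:!:19000:0:99999:7:::'

# Print field number $2 (1 = name, 3 = UID, 5 = GECOS, 7 = shell) of user $1 in file $3.
passwd_field() {
    awk -F: -v u="$1" -v f="$2" '$1 == u { print $f }' "$3"
}

user_uid()   { passwd_field "$1" 3 "$2"; }
user_shell() { passwd_field "$1" 7 "$2"; }

# GECOS is comma separated; its first item is the account holder's full name.
gecos_name() {
    awk -F: -v u="$1" '$1 == u { split($5, g, ","); print g[1] }' "$2"
}

# Succeeds when the "other" permission bits of $1 grant no read access.
# A group-readable shadow file (root:shadow on Debian-style systems) still passes.
shadow_is_protected() {
    other=$(ls -l "$1" | cut -c8-10)
    case "$other" in
        *r*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Demonstration on the constructed files.
pw=$(mktemp);  printf '%s\n' "$SAMPLE_PASSWD" > "$pw"
shf=$(mktemp); printf '%s\n' "$SAMPLE_SHADOW" > "$shf"
echo "alice: uid=$(user_uid alice "$pw") shell=$(user_shell alice "$pw") name=$(gecos_name alice "$pw")"
chmod 600 "$shf"
if shadow_is_protected "$shf"; then echo "shadow (0600): protected"; fi
chmod 644 "$shf"
if ! shadow_is_protected "$shf"; then echo "shadow (0644): WORLD-READABLE"; fi
```

Pointing shadow_is_protected at the real /etc/shadow is a reasonable one-line audit check; the rest of the script only needs a readable passwd file, which is the whole point of the distinction the article draws.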
The systemd-homed Changes
The objective of systemd-homed is to provide a fully portable home directory containing both your data and your Linux digital identity. Your UID and all other identification and authentication mechanisms will be stored only in your home directory.
Because of this “all eggs in one basket” design, home directories are encrypted. They are decrypted automatically each time you log in and encrypted again when you log out. The preferred method is Linux Unified Key Setup (LUKS) disk encryption, but other schemes, such as fscrypt, are also supported.
Each person’s home directory is mounted on a loopback device, much like a snap application is mounted. This is how the directory tree inside the home directory appears as a transparent part of the operating system’s directory tree. The default mount point is “/home/$USER.homedir” (“$USER” is replaced with the person’s account name).
What are the benefits?
Because your home directory becomes a secure encapsulation of all your data, you can even keep it on a removable device. For example, you could use a USB key to carry it between your work computer, your personal computer, or any other computer running systemd-homed.
This is what Poettering meant by “a fully portable home directory”. He said that even if you don’t want to move your home directory to a portable device, the scheme will make upgrades and migrations easier and improve security.
It removes what he calls “sidecar databases”, which hold fragments of important information about you that, according to Poettering, should be centralized. The “/etc/passwd” and “/etc/shadow” files contain authentication information and hashed passwords, but they also contain details such as your default shell and the General Electric Comprehensive Operating System (GECOS) field.
Poettering said this metadata should be streamlined and stored in meaningful groups in each person’s JSON user record inside their home directory.
Manage your new $HOME
The systemd-homed service is controlled by the new homectl command line tool.
There are options for creating users and home directories and for setting storage limits for each user. You can also set a password, lock someone out of their account, or delete an account entirely. Users can be inspected, and their JSON user records can be read.
Time zones and other locale information can be set per user, too. You can specify the default shell and even set environment variables so that they are in a given state every time someone logs in.
If you look in the “/home” directory, you will see systemd-homed managed entries that look like the following, with “.homedir” appended to the username:
Remember, this is just a mount point. The encrypted home directory itself is stored elsewhere.
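The following provisioning script is an added example, not code from the original article or from the systemd project. It wraps the homectl operations listed above (create with a LUKS backend and storage cap, inspect the JSON record, lock an account out, remove it) in small shell functions. The option names are the ones documented in the homectl(1) manual page; the account name, real name, disk size, time zone and environment variable are constructed values. With DRY_RUN=1 (the default) the functions only print the command they would run, so the script can be read and tested on a machine that has no systemd-homed.

```shell
#!/bin/sh
# Added example (not from the original article or the systemd project): a small
# provisioning script around homectl. DRY_RUN=1 (default) prints commands only;
# set DRY_RUN=0 and run as root on a systemd-homed system to execute them.

DRY_RUN=${DRY_RUN:-1}

# Print the command, then execute it unless in dry-run mode.
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# Create a LUKS-backed home with a storage cap, default shell, time zone and an
# environment variable that is applied at every login. All values constructed.
homed_create() {
    run homectl create "$1" \
        --real-name="$2" \
        --storage=luks \
        --disk-size=20G \
        --shell=/bin/bash \
        --timezone=Europe/London \
        --setenv=EDITOR=vim
}

# Read the user's JSON user record.
homed_inspect() { run homectl inspect --json=pretty "$1"; }

# Prohibit and re-allow logins for the account.
homed_lockout() { run homectl update "$1" --locked=true; }
homed_release() { run homectl update "$1" --locked=false; }

# Delete the account together with its encrypted home.
homed_remove() { run homectl remove "$1"; }

# Where the decrypted tree appears while the user is logged in.
homed_mountpoint() { printf '/home/%s.homedir\n' "$1"; }

if [ "$DRY_RUN" = 1 ]; then
    echo "# dry run: commands that would be executed"
    homed_create alice "Alice Example"
    homed_inspect alice
    homed_lockout alice
    homed_release alice
    echo "# decrypted home would appear at $(homed_mountpoint alice)"
fi
```

Keeping the dry-run path as the default means an account provisioning script can be reviewed line by line before it ever touches a real homed installation, which matters because homectl create allocates storage and writes an encrypted image on first use.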
Limitations and problems
systemd-homed is only meant for human user accounts. It cannot manage accounts with a UID below 1000, so root, daemon, bin, and the like cannot be administered with the new scheme. There will always be a need for the standard user administration methods, which means systemd-homed is not a universal solution.
There is also a catch-22 that needs to be resolved. As mentioned earlier, a person’s home directory is decrypted each time they log in. But if someone accesses the computer remotely via SSH, the SSH keys in their home directory cannot be consulted, because the home directory stays encrypted until they log in. Of course, you need those SSH keys to authenticate before you can log in.
This is a problem the systemd-homed team acknowledges, but we could not find any reference to a fix for it. We are sure they will come up with a solution; it would be a dramatic failure if they didn’t.
Suppose someone carries their home directory to a new machine. If someone else on the new machine already uses their UID, a new UID is assigned to them automatically. Of course, all of their files then need to be reassigned to the new UID.
Currently, this is handled by an automatic, recursive application of chown -R. It will likely be handled differently in the future once a more elegant scheme is developed. This cumbersome approach does not take daemons and processes that run as other users into account.
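The two limitations just described, the UID floor for homed-managed accounts and the UID collision on a migrated home directory, are easy to check for ahead of time. The script below is an added example, not code from the original article or from systemd: it tests a UID against the 1000 floor, detects whether a UID is already taken in a passwd file, picks the lowest free UID above the floor, and prints the recursive ownership change a migrated tree would need. The passwd file and the directory tree it works on are constructed in temporary locations, and the chown commands are printed rather than executed because changing ownership requires root.

```shell
#!/bin/sh
# Added example (not from the original article or systemd): checks for the UID
# floor of homed-managed accounts and for UID collisions when a home directory
# is carried to another machine. Passwd file and tree are constructed samples.

HOMED_MIN_UID=1000   # systemd-homed manages only human accounts from this UID up

# Succeeds when UID $1 is in the range systemd-homed can manage.
homed_manageable_uid() {
    [ "$1" -ge "$HOMED_MIN_UID" ]
}

# Print the account name that already owns UID $1 in passwd file $2, if any.
uid_owner() {
    awk -F: -v id="$1" '$3 == id { print $1 }' "$2"
}

# Lowest unused UID at or above HOMED_MIN_UID in passwd file $1: the kind of
# value a migrated user is reassigned when their own UID is already taken.
next_free_uid() {
    awk -F: -v min="$HOMED_MIN_UID" '
        $3 >= min { used[$3] = 1 }
        END { id = min; while (id in used) id++; print id }' "$1"
}

# Plan the recursive ownership change for migrated tree $1: every path still
# owned by old UID $2 gets a chown line for new UID $3. chown needs root, so
# the commands are printed, not executed.
plan_uid_remap() {
    find "$1" -user "$2" -exec printf 'chown %s %s\n' "$3" {} \;
}

# Demonstration with a constructed passwd file and tree.
pw=$(mktemp)
cat > "$pw" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
bob:x:1001:1001:Bob Example:/home/bob:/bin/sh
EOF

for uid in 0 999 1000; do
    if homed_manageable_uid "$uid"; then echo "uid $uid: homed can manage it"
    else echo "uid $uid: system account, left to the classic tools"; fi
done

# A traveller arriving with UID 1000 collides with alice on this machine.
owner=$(uid_owner 1000 "$pw")
if [ -n "$owner" ]; then
    echo "uid 1000 already belongs to $owner; next free UID is $(next_free_uid "$pw")"
fi

# Files in the migrated tree are owned by the current user here, standing in
# for the traveller's old UID.
tree=$(mktemp -d); mkdir "$tree/Documents"; : > "$tree/Documents/notes.txt"
plan_uid_remap "$tree" "$(id -u)" "$(next_free_uid "$pw")"
```

The printed chown plan also makes the article's last objection visible: it only walks the home directory, so anything outside that tree (spool files, a daemon running under the old UID) is left pointing at a number that now belongs to nobody or to someone else.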
When does this happen?
To check which version of systemd you have, type the following:
However, the homectl command is not yet present. Ubuntu 20.04 uses a traditional /home directory and does not use systemd-homed.
Of course, it is up to individual distributions to decide when they will include and support systemd-homed and homectl.
So nobody needs to reach for pitchforks and lit torches. Since the standard methods of managing users and home directories will remain, we will all still have a choice.