On 5/7/20 22:54, David C. Rankin wrote: > All, > > I just read the article about the major change coming to systemd 245 at: > > https://www.techrepublic.com/article/linux-home-directory-management-is-about-to-undergo-major-change/?ftag=TRE475558a&bhid=12825460&mid=12819432&cid=712355268 > > What is terrifying is the SSH Problem. 9/10 hosts I interact with I do via > ssh. And do we really need LUKS encrypted volumes for every user's $HOME > directory? Sure for enterprise setups, etc.. but will there be a way to simply > keep a normal unencrypted /home. How would scripts be able to backup certain > work locations from user directories if the user is logged out? > Sytemd 245 is already released and is in Arch repos: https://www.archlinux.org/packages/core/x86_64/systemd/ Arch already has an article on homed in the wiki that answers many of your questions: https://wiki.archlinux.org/index.php/Systemd-homed or the upstream docs: https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html Notably: "However, you must **enable and start** the systemd-homed.service." (emphasis added) "It achieves portability by moving all user-related information into a storage medium, **optionally encrypted**, and creating an ~/.identity file that contains signed information about the user - password, what groups they belong to, UID/GID and other information that would typically be scattered over multiple files in /." (emphasis added) In short: - It is already installed in your system, if it's up-to-date. I'm assuming you did not notice any differences, right? That's because - It's "opt-in" in the first place, and - home directory encryption is *optional*, and - it doesn't interfere with "traditional" (/etc/{passwd,group,shadow}) user databases. There are a lot of systemd haters out there (still) that love to spread plenty of FUD or half-accuracies about systemd. Generally speaking, your best bet is to just simply explore the experience and documentation of a distro that implements systemd properly (like Arch) and ignore anything and everything you read in publications about it. -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info
Attachment:
signature.asc
Description: OpenPGP digital signature
