Re: strawman proposal: homed directories for users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 4, 2024 at 11:05 AM Zbigniew Jędrzejewski-Szmek
<zbyszek@xxxxxxxxx> wrote:
>
> Hi folks,
>
> I was recently doing a bunch of test reinstalls of Fedora [1],
> looking to see if it's complicated to retain the user directories
> during a reinstall. The answer is, sadly, that it's possible only with
> some manual tinkering. This is a known problem [2].
>
> With a little bit of trickery, Anaconda will let the "home" subvolume
> be and install the system to a new "root" subvolume, so user data is
> preserved. But then after a reboot a new user will be created, because
> the old user is not hooked up into /etc/passwd.
>
> We actually have a partial solution for this: systemd-homed.
> With systemd-homed the information about the user is maintained in the
> user directory/subvolume/partition, e.g. /home/username.homedir.
> After a reinstall, ideally nothing needs to be done and the user
> account is ready to be used.
>
> The primary purpose of systemd-homed is to use per-user encryption
> using loopback devices. This still has various problem related to
> resizing and suspend. Work is being done [see 3,4 for recent developments],
> but it's not at a point where we can recommend it.
> But systemd-homed has a mode where the user "home" is just a normal
> directory or btrfs subvolume with some metadata stored in files [5].
> Some work would be needed [6] to make this work smoothly, but it
> doesn't seem like too much. (Mostly filing down some rough edges
> in systemd-homed and adding pam_home_systemd and nss_systemd
> in various authselect profiles.)
>
> Thus the question: would this be something worth looking into?
>

When this was first explored a few years ago, the main problem that
came up was that homed is functionally incompatible with centralized
login systems (SSSD to FreeIPA/AD, OIDC, etc.). If this has changed,
then it would make sense to revisit.


-- 
真実はいつも一つ!/ Always, there's only one truth!
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux