On Fri, Oct 4, 2024 at 11:05 AM Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > > Hi folks, > > I was recently doing a bunch of test reinstalls of Fedora [1], > looking to see if it's complicated to retain the user directories > during a reinstall. The answer is, sadly, that it's possible only with > some manual tinkering. This is a known problem [2]. > > With a little bit of trickery, Anaconda will let the "home" subvolume > be and install the system to a new "root" subvolume, so user data is > preserved. But then after a reboot a new user will be created, because > the old user is not hooked up into /etc/passwd. > > We actually have a partial solution for this: systemd-homed. > With systemd-homed the information about the user is maintained in the > user directory/subvolume/partition, e.g. /home/username.homedir. > After a reinstall, ideally nothing needs to be done and the user > account is ready to be used. > > The primary purpose of systemd-homed is to use per-user encryption > using loopback devices. This still has various problem related to > resizing and suspend. Work is being done [see 3,4 for recent developments], > but it's not at a point where we can recommend it. > But systemd-homed has a mode where the user "home" is just a normal > directory or btrfs subvolume with some metadata stored in files [5]. > Some work would be needed [6] to make this work smoothly, but it > doesn't seem like too much. (Mostly filing down some rough edges > in systemd-homed and adding pam_home_systemd and nss_systemd > in various authselect profiles.) > > Thus the question: would this be something worth looking into? > When this was first explored a few years ago, the main problem that came up was that homed is functionally incompatible with centralized login systems (SSSD to FreeIPA/AD, OIDC, etc.). If this has changed, then it would make sense to revisit. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue