Re: strawman proposal: homed directories for users

On Sat, 2024-10-05 at 07:36 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Oct 04, 2024 at 12:17:14PM -0400, David Cantrell wrote:
> > The common use case for this is the Fedora laptop user which in nearly every
> > case is going to have one local user account.
> > 
> > I have always split /home from the rest of the system and I know others do
> > as well.  I would rather see anaconda modified so that if I am creating a
> > user account at install time, check for /home/USERNAME and if USERNAME
> > matches and the UID and GID matches, just don't create the home directory.
> > That is, -M on useradd(8).
> 
> Yeah, that's the other possible approach. But I think it's actually
> quite complicated to make this work reliably. Traditional UNIX accounts
> spread the information about the user over a bunch of files. Consistency
> must be maintained, UIDs and GIDs on disk must match, etc. We _could_
> add the smarts to cover all that in Anaconda, but Anaconda developers
> are trying to simplify it, not add new complicated code.
> 
> OTOH, homed was created with the idea of self-contained "homes" from
> the beginning, and systemd upstream is dedicating resources to make it
> work. (E.g., currently, a full-time developer working on integration
> of systemd-homed and GNOME on a grant from German STF.)
> So I think it's much more maintainable to just make use of this and
> let systemd upstream help with any bugs that we discover.
> 
> The homed approach would make other things possible too. For example,
> sharing of /home in dual-boot scenarios. Right now a manual setup
> needs to be done, and login details need to be propagated each time,
> but with homed, dual-boot and reinstall are very similar scenarios,
> so if we get one to work, we get the other one for free.
> 
> Zbyszek

The homed approach can work only in cases where you basically have only
one user and all the OSs use the same approach.

I see a few issues with security that need to be addressed.

What happens if I plug a disk into a laptop that sports a "homed"
directory, will the laptop suddenly allow a stranger to just log in to
the machine?

What happens if there are conflicts of uid or gid?
Will it now allow this other user to access files and directories that
should be reserved to other users?

What happens if you want to change the user to be a corporate directory
provided one?

Can you configure autologin for those use cases (like kiosks or a home
entertainment system) where that makes sense to do?

Is this tied to a specific file system type?

Changing a default like this is not something to do lightly IMHO.

-- 
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc
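
Added example, not part of the original thread and not Anaconda's code: the pre-creation check from the quoted proposal (reuse /home/USERNAME only when the UID and GID match, i.e. `useradd -M`), extended with the UID-conflict case raised in the reply. The function names and the sample passwd text are assumptions constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Map account name -> (uid, gid) from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def home_owner(path):
    """Return (uid, gid, is_real_dir) for path, or None if nothing is there.
    lstat() is used so a symlink planted at /home/USERNAME is not followed."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return None
    return (st.st_uid, st.st_gid, stat.S_ISDIR(st.st_mode))

def plan_account(username, uid, gid, owner, accounts):
    """Decide how to create `username`, given the owner of /home/USERNAME.
    Returns 'create' (plain useradd), 'reuse' (useradd -M) or 'refuse'."""
    # UID conflict: the requested uid already belongs to another account,
    # so files on disk with that uid would become readable by both.
    for name, (other_uid, _) in accounts.items():
        if other_uid == uid and name != username:
            return "refuse"
    if owner is None:
        return "create"          # no existing home, create it normally
    owner_uid, owner_gid, is_dir = owner
    if not is_dir:
        return "refuse"          # symlink or file where the home should be
    if (owner_uid, owner_gid) == (uid, gid):
        return "reuse"           # ownership matches: keep the directory
    return "refuse"              # owned by someone else: do not adopt it

if __name__ == "__main__":
    accounts = parse_passwd(SAMPLE_PASSWD)
    print(plan_account("bob", 1001, 1001, home_owner("/home/bob"), accounts))
```

The check covers only directory ownership and the passwd entry; group membership, shadow entries and file ownership deeper in the tree are not examined.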
