At the All Systems Go 2019 conference, Lennart Poettering presented a new component of the systemd system manager, systemd-homed, which is intended to make users' home directories portable and to separate them from the system configuration.
The main idea of the project is to create self-contained environments for user data that can be moved between different systems without worrying about synchronizing identifiers or about privacy. The home directory environment is delivered as a mountable image file whose contents are encrypted.
User credentials are tied to the home directory, not to the system configuration: instead of /etc/passwd and /etc/shadow, a profile in JSON format is used, stored in the ~/.identity file inside the home directory.
The profile contains the parameters the user needs in order to work, including the user name, password hash, encryption keys, quotas and allotted resources. The profile can be cryptographically signed, and authentication can be backed by an external YubiKey token.
Each directory it manages encapsulates both the data store and the user's user record, so the directory fully describes the account and is naturally portable between systems without any further external metadata.
The announcement also highlights that:
Parameters can also include additional information, such as SSH keys, data for biometric authentication, an avatar image, e-mail address, postal address, time zone, language, limits on the number of processes and on memory, additional mount flags (nodev, noexec, nosuid), the user's IMAP/SMTP server settings, parental-control settings, backup options, and so on.
A Varlink API is provided for querying and parsing these parameters.
The UID/GID is assigned dynamically on each local system to which the home directory is attached.
With the proposed system, a user can carry their home directory with them, for example on a USB flash drive, and obtain a working environment on any computer without explicitly creating an account there (the presence of a home directory image file causes the user to be synthesized).
LUKS2 is proposed for data encryption, but systemd-homed also allows other backends, for example plain unencrypted directories, Btrfs subvolumes, fscrypt, and CIFS network shares.
Portable directories are managed with the homectl utility, which can create and activate home directory images, resize them, and set the password.
At the system level, the work is provided by the following components:
- systemd-homed.service: manages home directories and embeds the JSON user records directly into the home directory images.
- pam_systemd: processes the JSON profile parameters when a user logs in and applies them in the context of the started session (performs authentication, sets environment variables, etc.).
- systemd-logind.service: processes the parameters of the JSON profile when a user logs in, applies the various resource-management settings, and sets limits.
- nss-systemd: the NSS module for glibc synthesizes classic NSS entries from the JSON profile, so that the standard UNIX user APIs (/etc/passwd lookups) keep working.
- PID 1: creates users dynamically (synthesizes them, by analogy with the DynamicUser= directive in units) and makes them visible to the rest of the system.
- systemd-userdbd.service: translates classic UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and listing records.
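To make concrete what the JSON profile, the dynamic UID/GID assignment and the nss-systemd synthesis described above amount to, here is a small model in Python. It is an added illustration written for this article, not systemd's own code: it parses a constructed ~/.identity-style record, hides the privileged part (password hash, SSH keys) from unprivileged callers, hands out a UID from a per-host pool so that the same image gets different numeric IDs on different hosts, and synthesizes the classic passwd line plus the mount flags and session limits the other components would apply. The field names follow the JSON user record format systemd later documented at https://systemd.io/USER_RECORD/; the UID pool bounds, the sample record and the helper names are assumptions of this example.

```python
"""Model of how a systemd-homed JSON user record becomes classic UNIX account
data. Added illustration for this article, not systemd's own code.

Field names (userName, realName, storage, homeDirectory, shell,
mountNoDevices, mountNoSuid, mountNoExecute, tasksMax, memoryMax,
privileged.hashedPassword, privileged.sshAuthorizedKeys) follow the JSON
user record format documented at https://systemd.io/USER_RECORD/.
The UID pool and the lookup logic are assumptions made for this example.
"""
import json

# Constructed sample of what a ~/.identity record could look like.
# The hash and SSH key are placeholders, not real credentials.
IDENTITY_JSON = """{
  "userName": "lennart",
  "realName": "Lennart Example",
  "disposition": "regular",
  "storage": "luks",
  "diskSize": 53687091200,
  "homeDirectory": "/home/lennart",
  "shell": "/bin/bash",
  "timeZone": "Europe/Berlin",
  "preferredLanguage": "de_DE.UTF-8",
  "mountNoDevices": true,
  "mountNoSuid": true,
  "mountNoExecute": false,
  "tasksMax": 4096,
  "memoryMax": 2147483648,
  "privileged": {
    "hashedPassword": ["$6$constructedsalt$constructedhashvalue"],
    "sshAuthorizedKeys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyNotReal user@host"]
  }
}"""

# Assumed per-host pool from which UIDs are handed out dynamically. Nothing in
# the record pins the numeric ID, which is what makes the image portable.
UID_POOL_MIN, UID_POOL_MAX = 60001, 60513


def parse_record(text):
    """Parse a JSON user record and check the fields this model relies on."""
    rec = json.loads(text)
    for required in ("userName", "storage"):
        if required not in rec:
            raise ValueError("user record lacks " + required)
    return rec


def strip_privileged(rec):
    """Return the part of the record an unprivileged caller may see.

    The 'privileged' section (password hash, SSH keys) is only exposed to
    root, which is the equivalent of /etc/shadow being mode 0600.
    """
    return {k: v for k, v in rec.items() if k != "privileged"}


class HostUserDb:
    """Per-host mapping of portable user names to locally chosen UIDs."""

    def __init__(self, already_used=()):
        self._uids = {}
        self._taken = set(already_used)

    def assign_uid(self, name):
        """Reuse the UID already assigned on this host, else pick a free one."""
        if name in self._uids:
            return self._uids[name]
        for uid in range(UID_POOL_MIN, UID_POOL_MAX + 1):
            if uid not in self._taken:
                self._taken.add(uid)
                self._uids[name] = uid
                return uid
        raise RuntimeError("UID pool exhausted")


def synthesize_passwd(rec, db):
    """Build the classic passwd(5) line nss-systemd would present for the record."""
    uid = db.assign_uid(rec["userName"])
    return ":".join([
        rec["userName"], "x", str(uid), str(uid),
        rec.get("realName", ""),
        rec.get("homeDirectory", "/home/" + rec["userName"]),
        rec.get("shell", "/bin/sh"),
    ])


def mount_options(rec):
    """Mount flags to apply when activating the home, taken from the record."""
    opts = []
    if rec.get("mountNoDevices"):
        opts.append("nodev")
    if rec.get("mountNoSuid"):
        opts.append("nosuid")
    if rec.get("mountNoExecute"):
        opts.append("noexec")
    return opts


def session_limits(rec):
    """Resource settings logind/pam_systemd would apply to the user's session."""
    return {"TasksMax": rec.get("tasksMax"), "MemoryMax": rec.get("memoryMax")}


if __name__ == "__main__":
    record = parse_record(IDENTITY_JSON)
    print(synthesize_passwd(record, HostUserDb()))
    print(json.dumps(strip_privileged(record), indent=2))
```

Running the module prints the synthesized passwd line and the public part of the record; the `already_used` argument of `HostUserDb` models a second host on which the lowest pool UID is already occupied, so the same image is mapped to a different UID there, exactly the situation that makes per-host synthesis preferable to fixed IDs.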
Advantages of the proposed system include: /etc can be mounted read-only, since user management no longer depends on it; UIDs/GIDs do not need to be synchronized between systems; the user is not tied to a specific computer; user data can be locked while the system is suspended; and encryption and modern authentication methods are used.
Finally, it is worth mentioning that this new component, systemd-homed, is planned for inclusion in systemd version 244 or 245.
If you want to know more about this component, you can consult the following PDF document.