Systemd-homed sabon abu don sarrafa kundin adireshi na gida

Darkcrizt

4 minti

Tsarin-homed

Lennart Mawaki ya gabatar a taron All Systems Go 2019 sabon sashi na mai sarrafa tsarin tsarin, "Tsarin jikin mutum" wacce an yi niyya ne don tabbatar da sauƙin kundin adireshin gida na masu amfani da rabuwarsa daga tsarin tsari.

Babban ra'ayin aikin shine ƙirƙirar yankuna masu zaman kansu don bayanan mai amfani ana iya canzawa tsakanin tsarin daban ba tare da damuwa game da aiki tare da masu ganowa da tsare sirri ba. Ana sadar da yanayin kundin adireshin gida ta hanyar fayil ɗin hoto da aka ɗora, wanda aka ɓoye bayanansa.

Takaddun shaidar mai amfani suna da alaƙa da kundin adireshin gida, babu tsarin daidaitawa; maimakon / sauransu / passwd da / sauransu / inuwa, ana amfani da bayanan tsarin JSON, adana shi a cikin ~ /. bayanan sirri.

Bayanin martaba ya ƙunshi sigogi masu dacewa don mai amfani ya yi aiki, gami da bayani game da suna, kalmar wucewa ta sirri, makullin boye-boye, kudade da albarkatun da aka bayar. Ana iya tantance bayanan martaba ta amfani da sa hannun dijital da aka adana a cikin alamar Yubikey ta waje.

 Kowane kundin adireshi da yake gudanarwa yana lulluɓe duka bayanan ajiyar bayanai da rikodin mai amfani, don haka ya bayyana cikakken bayanin asusun mai amfani kuma saboda haka yana da sauƙi a ɗauke tsakanin tsarin ba tare da ƙarin metadata na waje ba. 

Sanarwar ta kuma nuna cewa:

Sigogi na iya haɗawa da ƙarin bayani, kamar maɓallan SSH, bayanai don tabbatar da ingancin halitta, hoto, imel, adireshi, yankin lokaci, harshe, iyakance akan yawan matakai da ƙwaƙwalwar ajiya, ƙarin tutocin hawa (nodev, noexec, nosuid), bayanai akan mai amfani da IMAP uwar garken bayanan mai amfani / SMTP, ikon iyaye Bayanin kunnawa, zaɓuɓɓukan madadin, da dai sauransu.

Ana ba da Varlink API don tambaya da kuma nazarin sigogi.

UID / GID an sanya shi a hankali kuma ana sarrafa shi akan kowane tsarin gida wanda aka haɗa kundin adireshin gida.

Ta amfani da tsarin da aka gabatar, mai amfani na iya ajiye kundin adireshin gidansa tare da shi.l, alal misali, a kan Flash Drive kuma sami yanayin aiki akan kowace kwamfuta ba tare da ƙirƙirar asusun a bayyane ba (kasancewar fayil tare da hoton kundin adireshin gidan yana haifar da haɗin mai amfani).

An ba da shawarar yin amfani da tsarin LUKS2 don ɓoye bayanai, amma system-homed shima yana baka damar amfani da sauran bayanan baya, misali ga kundin kundayen da ba a rufesu ba, Btrfs, Fscrypt, da CIFS network partitions.

Don gudanar da kundayen adireshi, ana amfani da homectl utility, wanda zai baka damar ƙirƙiri da kunna hotunan manyan kundin adireshi, tare da canza girman su da saita kalmar sirri.

A matakin tsarin, ana bayar da aikin ta abubuwa masu zuwa:

  • tsarin-homed.service: sarrafa kundin adireshi na gida da shigar da bayanan JSON kai tsaye zuwa hotunan kundin adireshin gida.
  • pam_systemd: aiwatar da sigogin bayanan martaba na JSON lokacin da mai amfani ya shiga kuma ya aiwatar da su a cikin yanayin zaman da aka haifar (yin tabbatarwa, saita masu canjin yanayi, da sauransu).
  • tsarin-logind.service: aiwatar da sigogin bayanin martabar JSON lokacin da mai amfani ya shiga, ya aiwatar da saitunan sarrafa albarkatu daban-daban, kuma ya sanya iyaka.
  • nss-tsarin: Na'idar NSS don glibc tana haɗa abubuwan shigarwar NSS na yau da kullun bisa ga bayanin JSON, suna ba da goyon bayan UNIX API don aikin mai amfani (/ etc / password).
  • PID1: ƙirƙirar masu amfani da ƙarfi (hadawa ta kwatankwacin kwatankwacin umarnin DynamicUser a cikin raka'a) kuma ya sanya su bayyane ga sauran tsarin.
  • tsarin-userdbd.service: yana fassara asusun UNIX / glibc NSS a cikin bayanan JSON kuma yana samar da hadadden Varlink API don bincika bayanai da jerin su.

Fa'idodin tsarin da aka tsara sun haɗa da ikon sarrafa masu amfani ta hanyar hawa dutsen / sauransu a cikin hanyar karantawa kawai, rashin buƙatar aiki tare da masu ganowa (UID / GID) tsakanin tsarin, ,ancin mai amfani daga takamaiman kwamfuta, kullewa bayanan mai amfani yayin yanayin bacci, ta amfani da boye-boye da kuma hanyoyin tabbatar da zamani.

A ƙarshe yana da mahimmanci a ambaci hakan an shirya hada wannan sabon abun "Tsarin jikin mutum" a cikin babban tsarin tsarin 244 ko 245.

Idan kana son karin bayani game da wannan bangaren, zaka iya tuntuɓar daftarin aikin pdf mai zuwa.

Haɗin haɗin shine wannan.


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   daya daga wasu m
    sa 5 shekaru

    Ina tsoron wannan.

    Ka zo, idan ka rasa ko ka sata waccan flash din da ta ambata tare da yawan bayanan da take adanawa, to kusan zaka iya ba da kanka don jin haushi.

    Saboda dalilai daban-daban ra'ayin ba shi da ma'ana a wurina. Wace al'ada ce yake da shi na son canza abubuwa waɗanda a ganina ƙarara suke tafiya kuma ina shakkar ganin tarihin waɗannan mutane zai inganta tsaro.

    Abin farin ciki na kasance akan Artix yanzu kuma ina kawar da duk waɗannan maganganun banza, kodayake ban san tsawon lokacin da hargitsi na tsarin kyauta zai iya tsayayya ba.

    Amsa zuwa onedetantos
    1.    David naranjo m
      sa 5 shekaru

      Na yarda da abin da kuka fada, daga ra'ayina ra'ayin yana da kyau amma bangaren tsaro ya bace (wani nau'in boye-boye)

      Amsa wa David Naranjo
  2.   lux m
    sa 5 shekaru

    tsarin tsotsa !!

    Amsa zuwa luix