Yakagadziriswa-yakagadzirirwa chinhu chitsva chekutarisira madhairekitori epamba

Darkcrizt

4 maminitsi

Yakagadziriswa-homed

Lennart Poettering aunzwa kumusangano weAll Systems Go 2019 chinhu chitsva cheiyo systemd system maneja, "Systemd-homed" izvo inoitirwa kuverengera kutakurika kwevashandisi vekumba madhairekitori uye kupatsanurwa kwayo kubva mukugadziriswa kwesisitimu.

Pfungwa huru yeprojekti ndeyekugadzira nharaunda dzakazvimiririra dhata remushandisi iyo inogona kutamisirwa pakati pehurongwa hwakasiyana usinganetseke nezve kuwiriranisa kwezvinotizivisa uye zvakavanzika. Iyo dhairekitori repamba inonunurwa nenzira yefaira rakaiswa mufananidzo, iyo data rakanyorwa.

Unyanzvi hwevashandisi hwakabatana nedhairekitori repamba, kwete kune system yekugadzirisa; panzvimbo ye / etc / passwd uye / etc / shadow, - chimiro cheJSON fomati chinoshandiswa, yakachengetwa mu ~ / .identity dhairekitori.

Iyo mbiri ine zvikamu zvinodiwa kuti mushandisi ashande, kusanganisira ruzivo nezve zita, password hashi, kiyi yekunyorera, mubhadharo uye zviwanikwa zvinopihwa. Iyo mbiri inogona kusimbiswa uchishandisa siginicha yedhijitari yakachengetwa mune yekunze Yubikey chiratidzo.

 Dhairekitori yega yega yaanobata inovharira zvese chitoro chedhata uye mushandisi rekodhi yemushandisi, kuitira kuti inyatso tsanangudza nhoroondo yemushandisi uye nekudaro inotakurika pakati pehurongwa pasina mamwe metadata yekunze. 

Chiziviso ichi chinosimbisawo kuti:

Parameter dzinogona zvakare kusanganisira yekuwedzera ruzivo, senge makiyi eSSH, data yeiyo biometric kusimbiswa, mufananidzo, email, kero, nguva yenguva, mutauro, miganho pane huwandu hwemaitiro uye ndangariro, mimwe mireza yekumisikidza (nodev, noexec, nosuid), data pane rinoshanda IMAP server mushandisi ruzivo / SMTP, ruzivo rwevabereki rwekugonesa ruzivo, sarudzo dzekuchengetedza, nezvimwe.

Varlink API inopihwa kumubvunzo uye kuongorora paramende.

Iyo UID / GID inogadzirirwa zvine simba uye inogadziriswa pane yega yega system system kune iyo dhairekitori repamba yakabatana.

Uchishandisa iyo yakarongedzerwa system, mushandisi anogona kuchengeta dhairekitori repamba nayo.l, semuenzaniso, paFlash drive uye tora nzvimbo yekushanda pane chero komputa pasina kunyatsogadzira account pairi (kuvapo kwefaira rine mufananidzo wedhairekitori repamba rinotungamira kune mushandisi synthesis).

Izvo zvinokurudzirwa kushandisa iyo LUKS2 subsystem ye data encryption, asi systemd-homed zvakare inokutendera iwe kushandisa mamwe kumashure, semuenzaniso kune asina kunyorwa madhairekitori, Btrfs, Fscrypt, uye CIFS network zvikamu.

Kugadzirisa madhairekitori anotakurika, iyo yekushandisa homectl inokurudzirwa, iyo inobvumidza iwe kuti ugadzire uye unomutsa mifananidzo yemakuru madhairekitori, pamwe nekushandura saizi yavo uye kumisikidza password.

Padanho rehurongwa, basa rinopihwa nezvinhu zvinotevera:

  • systemd-homed.service: inogadzirisa dhairekitori repamba uye inonyudza zvinyorwa zveJSON zvakanangana nemifananidzo yedhairekitori repamba.
  • pam_systemd: inogadzirisa iyo paramende yeJSON parameter kana mushandisi akapinda mukati uye oishandisa mune mamiriro echikamu chakasimudzwa (chinoita chokwadi, chinoisa akasiyana nharaunda, nezvimwewo).
  • systemd-logind.service: inogadzirisa parameter yeiyo JSON profile kana mushandisi akapinda mukati, inoshandisa akasiyana masosi manejimendi manejimendi, uye nekuisa miganho.
  • nss-systemd: Iyo NSS module ye glibc inogadzira zvinyorwa zvekare zveNSS zvinoenderana neprofita yeJSON, ichipa UNIX API rutsigiro rwekushandisa (/ etc / password)
  • PID1: inogadzira vashandisi zvine simba (inogadzira nekufananidza neiyo DynamicUser rairo muzvikamu) uye inoita kuti ioneke kune ese masisitimu.
  • systemd-userd.service: inoshandura maUNSS / glibc NSS maakaunzi muJSON zvinyorwa uye inopa yakabatana Varlink API yekubvunza uye kunyora zvinyorwa.

Zvakanakira chirongwa chakarongwa chinosanganisira kugona kubata vashandisi nekumisikidza iyo / etc dhairekitori mune yekuverenga-chete maitiro, kusavapo kwekudiwa kwekufananidza zvitupa (UID / GID) pakati pehurongwa, kusununguka kwemushandisi kubva kune yakatarwa komputa, kukiya mushandisi data panguva yekurara, uchishandisa encryption uye zvazvino nzira dzechokwadi.

Pakupedzisira zvakakosha kutaura izvozvo zvakarongwa kuisa ichi chitsva chinhu "Systemd-homed" mune huru vhezheni ye systemd 244 kana 245.

Kana iwe uchida kuziva zvakawanda nezve ichi chikamu, unogona kubvunza inotevera pdf gwaro.

Iyo yekubatanidza ndeiyi.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   imwe yeimwe akadaro
    inoita 5 makore

    Ndiri kutya izvi.

    Huya, kana ukarasikirwa kana kuba iyo flash drive yaunotaura pamwe nehuwandu hwe data yainochengetera, ipapo unogona kuzvipa iwe nekuda kwekugumbuka.

    Nezvikonzero zvakasiyana pfungwa yacho inoita kunge isina musoro kwandiri. Ane tsika yaanayo yekuda kushandura zvinhu izvo mumaonero angu ekuzvininipisa zviri kufamba mushe uye ndinokahadzika kuti kuona nhoroondo yevanhu ava kuchavandudza kuchengetedzeka.

    Neraki ini ndiri paArtix izvozvi uye ndiri kubvisa zvese izvi kuunganidzwa zvisina maturo, kunyangwe ini ndisingazive kuti mahara systemd distros ichakwanisa kuramba.

    Pindura kune onedetantos
    1.    David naranjo akadaro
      inoita 5 makore

      Ini ndinobvumirana nezvaunotaura, kubva pakuona kwangu pfungwa yacho yakanaka asi chikamu chekuchengetedza chinoshaikwa (imwe mhando yekunyorera)

      Pindura kuna David Naranjo
  2.   luix akadaro
    inoita 5 makore

    systemd inoyamwa !!

    Pindura kuna luix