Lennart Poettering thaca Kwinkomfa ye-All Systems Go 2019 icandelo elitsha lomphathi wenkqubo, "I-systemd-homed" yintoni yenzelwe ukuqinisekisa ukuthwala kwabalawuli bekhaya nokwahlulwa kwayo kwinkqubo yoqwalaselo.
Uluvo oluphambili lweprojekthi kukudala iimeko ezizimeleyo zedatha yomsebenzisi ezinokudluliselwa phakathi kweenkqubo ezahlukeneyo ngaphandle kokukhathazeka malunga nokuvumelanisa kwezazisi kunye nemfihlo. Imeko yolawulo lwasekhaya ihanjiswa ngohlobo lwefayile yomfanekiso onyusiweyo, idatha ebhalwe ngokufihlakeleyo.
Iziqinisekiso zomsebenzisi zibotshelelwe kulawulo lwasekhaya, hayi kuqwalaselo lwenkqubo; endaweni ye / etc / passwd Kunye / etc / shadow, iprofayile yefomathi yeJSON iyasetyenziswa, igcinwe kulawulo lwe ~ /.
Iprofayili iqulethe iiparameter eziyimfuneko ukuze umsebenzisi asebenze, kubandakanya ulwazi malunga negama, ipaswedi hash, izitshixo zokubethela, iifizi kunye nezixhobo ezibonelelweyo. Iprofayili inokungqinisiswa kusetyenziswa isayinitsha yedijithali egcinwe kwithokheni yangaphandle yeYubikey.
Isikhombisi ngasinye esilawulayo sibandakanya zombini ivenkile yedatha kunye nerekhodi lomsebenzisi, ukuze ichaze ngokucacileyo iakhawunti yomsebenzisi kwaye ngenxa yoko iyaphatheka ngokwendalo phakathi kweenkqubo ngaphandle kwemethadatha yangaphandle.
Isibhengezo sikwaqaqambisa ukuba:
Iiparameter zinokubandakanya ulwazi olongezelelweyo, njengezitshixo ze-SSH, idatha yokuqinisekiswa kwe-biometric, umfanekiso, i-imeyile, idilesi, ixesha lendawo, ulwimi, umda kwinani leenkqubo kunye nenkumbulo, iiflegi ezonyukayo ezongezelelweyo (nodev, noexec, nosuid), idatha kulwazi lomsebenzisi lwe-IMAP olusebenzayo / I-SMTP, ulwazi lolawulo lolawulo lwabazali, ukhetho lokugcina, njl.
I-Varlink API ibonelelwe ukubuza kunye nokuhlalutya iiparameter
I-UID / GID inikwe amandla kwaye iqhutywe kwinkqubo nganye yendawo apho ulawulo lwasekhaya lufakwe khona
Usebenzisa inkqubo ecetywayo, umsebenzisi angagcina umkhombandlela wasekhaya nayo.l, umzekelo, kwiFlash drive kwaye ufumane indawo yokusebenza kuyo nayiphi na ikhompyuter ngaphandle kokwenza ngokucacileyo iakhawunti kuyo (ubukho befayile enomfanekiso wesikhombisi sasekhaya kukhokelela kulwakhiwo lomsebenzisi).
Kucetyiswa ukuba kusetyenziswe inkqubo esezantsi ye-LUKS2 ukubethela idatha, kodwa i-systemd-homed ikwavumela ukuba usebenzise ezinye izinto ezingasemva, umzekelo kwizikhombisi ezingabhalwanga, ii-Btrfs, i-Fscrypt, kunye nezahlulo zenethiwekhi ze-CIFS.
Ukulawula izikhombisi eziphathwayo, into eluncedo yasekhaya iyacetyiswa, ekuvumela ukuba wenze kwaye wenze ukuba kusebenze imifanekiso yeenkcukacha eziphambili, kunye nokutshintsha ubungakanani bazo kunye nokuseta iphasiwedi.
Kwinqanaba lenkqubo, umsebenzi ubonelelwa zezi zinto zilandelayo:
- Inkqubo-yokusebenza.inkonzo: ilawula isikhombisi sasekhaya kwaye ishumeka iirekhodi zeJSON ngqo kwimifanekiso yolawulo lwasekhaya.
- pam_systemd: Iqhubekeka iiparameter zeJSON xa umsebenzisi engena ngaphakathi kwaye azisebenzise kwimeko yeseshoni eyenziweyo (yenza ungqinisiso, useta okusingqongileyo, njl.
- inkqubo-logind.service: Iqhubekekisa iiparameter zeprofayili yeJSON xa umsebenzisi engena ngaphakathi, esebenzisa iisetingi zolawulo lwezixhobo, kunye nokuseta imida.
- I-nss-systemd: Imodyuli ye-NSS ye-glibc idibanisa amangeniso akudala e-NSS ngokusekwe kwiprofayili yeJSON, enikezela ngenkxaso ye-UNIX API yomsebenzisi (/ njl / iphasiwedi).
- I-PID 1: yenza ngamandla abasebenzisi (idityaniswe ngokuthelekiswa nesikhokelo seDynamicUser kwiiyunithi) kwaye ibenze babonakale kuyo yonke inkqubo.
- Inkqubo-yomsebenzisi-wenkonzo.inkonzo: iguqulela ii-akhawunti ze-UNIX / ze-glibc ze-NSS kwiirekhodi zeJSON kwaye ibonelela nge-Varlink API emanyanisiweyo yokubuza kunye nokudwelisa iirekhodi.
Izinto eziluncedo zenkqubo ecetywayo zibandakanya ukukwazi ukulawula abasebenzisi ngokufaka i / njl isikhombisi kwimowudi yokufunda-kuphela, ukungabikho kwesidingo sokudibanisa izikhombisi (i-UID / GID) phakathi kweenkqubo, ukuzimela komsebenzisi kwikhompyuter ethile, ukutshixa Idatha yomsebenzisi ngexesha lokulala, usebenzisa ukubethela kunye neendlela zangoku zokuqinisekisa.
Okokugqibela kubalulekile ukuyikhankanya loo nto kucwangcisiwe ukubandakanya eli candelo litsha "I-systemd-homed" kuhlobo oluphambili lwenkqubo 244 okanye 245.
Ukuba ufuna ukwazi okungakumbi malunga neli candelo, unokujongana nolu xwebhu lulandelayo lwe-pdf.
Ndiyoyika lento.
Yiza, ukuba ulahlekile okanye webe i-flash drive oyikhankanyileyo ngenani ledatha eliyigcinayo, emva koko unokuzinikezela ukuba ucaphuke.
Ngenxa yezizathu ezahlukeneyo le ngcamango ibonakala ingenangqondo kwaphela kum. Onjani umkhwa anawo wokufuna ukutshintsha izinto ngokombono wam othobekileyo zihamba kakuhle kwaye ndiyathandabuza ukuba ukubona imbali yaba bantu kuyakuphucula ukhuseleko.
Ngethamsanqa ndikwiArtix ngoku kwaye ndiyayisusa yonke le ngqokelela yobubhanxa, nangona ndingazi ukuba isistim simahla sistros sinokukwazi njani ukuxhathisa.
Ndivumelana nale nto uyithethayo, ngokwembono yam umbono ulungile kodwa icandelo lokhuseleko alikho (uhlobo oluthile lokubethela)
Inkqubo ifunxa !!