The D in Systemd is for Directories: Poettering says his creation will phone /home in future

Systemd-managed home folders are secure, portable, extensible... albeit with broken SSH login


All Systems Go Systemd inventor Lennart Poettering told the crowds at the All Systems Go Linux user-space event in Berlin he intends to reinvent home directories to fix issues with the current model that are otherwise insoluble.

Specifically, he wants Systemd, or rather systemd-homed, to manage and organize home directories.

In Linux systems, each user typically has a directory under /home for personal documents and data. Users are identified by a username and user ID (UID) number which by default is in a text database called /etc/passwd.

Speaking at the event in Germany earlier this month, Poettering identified several problems with this long-standing approach. Philosophically, he said, it mixes state and configuration, because in his view the user record is state rather than configuration, and therefore does not belong in /etc.

The /etc/passwd database is not extensible, and therefore Linux has evolved numerous secondary databases that are stored elsewhere, such as /etc/shadow, a privileged location used for encrypted password hashes and other password-related fields, such as the maximum time before a password expires.

He is also much concerned with a security issue, which is that even when full-disk encryption is in use, when the system is suspended the decryption key is held in memory, so that if a laptop is stolen while suspended it would be possible to access the data. A password-protected lock screen is insufficient for strong security.

Poettering's idea is to have self-contained home folders, where the system assigns an UID automatically if it detects that the folder exists. All the information about the user is in that directory, password hash included, stored as extensible JSON user records.

Does that mean that you can log into any Linux system armed with a home folder on a USB stick? No, said Poettering, answering a question after his talk. A privileged process on that machine would have to sign the security-sensitive part of a user's data before it would be recognised. This would prevent users adding themselves to groups, for example, by editing their own data.

LUK'd out

The Systemd inventor is a fan of LUKS encryption, which can be used to encrypt a file, partition, or entire hard drive. He also intends to unify the user password and the encryption key, on the presumption that most users encrypt their laptop disks. This means that when the system is suspended, the decryption key can be removed from memory. On resume, the same password will both log-in and decrypt the home folder. This means that the decryption key can be removed from memory on suspend, since it is re-input on resume.

All of this will be enabled by a new daemon called systemd-homed, to be a component of Systemd. The new component will also support other forms of authentication such as Yubikeys and other security devices that support FIDO2 and U2F (Universal Second Factor) authentication.

There are some complications, one of which is remote access via SSH.

"If you authenticate via SSH it goes via authorized keys in the home directory. So if you want to authenticate something that is inside of the home directory, so that it can access the home directory, where does the decryption key come from, to access the home directory? It is a chicken-and-egg problem," said Poettering.

A place of anchovy pasta

You love Systemd – you just don't know it yet, wink Red Hat bods

READ MORE

His solution is that the user must already be logged in, for SSH to work. A person at the session asked what should be done by a university student, for example, who wanted to log in to a Linux machine that was rebooted overnight from 200 miles away. The answer: "If you really want that this system can come up on its own, don't use this stuff. This is about security."

However, it may not be such a problem in practice, since the focus of this solution is end users with laptops rather than servers, and remote login to a laptop is not common.

Poettering envisages that by having your home folder in a LUKS-encrypted container, then that file is all you need either for backup or to switch to another laptop. "The user record and the home directory all become one file. You can just take that file from one laptop to another laptop. It just pops up and it's there."

It is a radical change, and there will be compatibility issues, as well as opposition to changing a part of the system that has worked well enough for years, but for Poettering it is worth it if only for security. "I want my own laptop finally secure so I can suspend. I want these problems to be solved, finally, because we never could solve them," he said.

You can view the presentation right here. ®

Similar topics


Other stories you might like

  • Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

    PAX Technology devices allegedly infected with malware

    US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware.

    PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment terminals in more than 120 countries.

    Local Jacksonville news anchor Courtney Cole tweeted photos of the scene.

    Continue reading
  • Everything you wanted to know about modern network congestion control but were perhaps too afraid to ask

    In which a little unfairness can be quite beneficial

    Systems Approach It’s hard not to be amazed by the amount of active research on congestion control over the past 30-plus years. From theory to practice, and with more than its fair share of flame wars, the question of how to manage congestion in the network is a technical challenge that resists an optimal solution while offering countless options for incremental improvement.

    This seems like a good time to take stock of where we are, and ask ourselves what might happen next.

    Congestion control is fundamentally an issue of resource allocation — trying to meet the competing demands that applications have for resources (in a network, these are primarily link bandwidth and router buffers), which ultimately reduces to deciding when to say no and to whom. The best framing of the problem I know traces back to a paper [PDF] by Frank Kelly in 1997, when he characterized congestion control as “a distributed algorithm to share network resources among competing sources, where the goal is to choose source rate so as to maximize aggregate source utility subject to capacity constraints.”

    Continue reading
  • How business makes streaming faster and cheaper with CDN and HESP support

    Ensure a high video streaming transmission rate

    Paid Post Here is everything about how the HESP integration helps CDN and the streaming platform by G-Core Labs ensure a high video streaming transmission rate for e-sports and gaming, efficient scalability for e-learning and telemedicine and high quality and minimum latencies for online streams, media and TV broadcasters.

    HESP (High Efficiency Stream Protocol) is a brand new adaptive video streaming protocol. It allows delivery of content with latencies of up to 2 seconds without compromising video quality and broadcasting stability. Unlike comparable solutions, this protocol requires less bandwidth for streaming, which allows businesses to save a lot of money on delivery of content to a large audience.

    Since HESP is based on HTTP, it is suitable for video transmission over CDNs. G-Core Labs was among the world’s first companies to have embedded this protocol in its CDN. With 120 points of presence across 5 continents and over 6,000 peer-to-peer partners, this allows a service provider to deliver videos to millions of viewers, to any devices, anywhere in the world without compromising even 8K video quality. And all this comes at a minimum streaming cost.

    Continue reading
  • Cisco deprecates Microsoft management integrations for UCS servers

    Working on Azure integration – but not there yet

    Cisco has deprecated support for some third-party management integrations for its UCS servers, and emerged unable to play nice with Microsoft's most recent offerings.

    Late last week the server contender slipped out an end-of-life notice [PDF] for integrations with Microsoft System Center's Configuration Manager, Operations Manager, and Virtual Machine Manager. Support for plugins to VMware vCenter Orchestrator and vRealize Orchestrator have also been taken out behind an empty rack with a shotgun.

    The Register inquired about the deprecations, and has good news and bad news.

    Continue reading
  • Protonmail celebrates Swiss court victory exempting it from telco data retention laws

    Doesn't stop local courts' surveillance orders, though

    Encrypted email provider Protonmail has hailed a recent Swiss legal ruling as a "victory for privacy," after winning a lawsuit that sees it exempted from data retention laws in the mountainous realm.

    Referring to a previous ruling that exempted instant messaging services from data capture and storage laws, the Protonmail team said this week: "Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders."

    Switzerland's Federal Administrative Court ruled on October 22 that email providers in Switzerland are not considered telecommunications providers under Swiss law, thereby removing them from the scope of data retention requirements imposed on telcos.

    Continue reading
  • Japan picks AWS and Google for first gov cloud push

    Local players passed over for Digital Agency’s first project

    Japan's Digital Agency has picked Amazon Web Services and Google Cloud for its first big reform push.

    The Agency started operations in September 2021, years after efforts like the UK's Government Digital Service (GDS) or Australia's Digital Transformation Agency (DTA). The body was a signature reform initiated by Prime Minister Yoshihide Suga, who spent his year-long stint in the top job trying to curb Japan's reliance on paper documents, manual processes, and faxes. Japan's many government agencies also operated their websites independently of each other, most with their own design and interface.

    The new Agency therefore has a remit to "cut across all ministries" and "provide services that are driven not toward ministries, agency, laws, or systems, but toward users and to improve user-experience".

    Continue reading
  • Singaporean minister touts internet 'kill switch' that finds kids reading net nasties and cuts 'em off ASAP

    Fancies a real-time crowdsourced content rating scheme too

    A Minister in the Singapore government has suggested the creation of an internet kill switch that would prevent minors from reading questionable material online – perhaps using ratings of content created in real time by crowdsourced contributors.

    "The post-COVID world will bring new challenges globally, including to us in the security arena," said Minister for Defence Dr Ng Eng Hen at a Tuesday ceremony to award the city-state's 2021 Defense Technology Prize.

    "For operations, the SAF (Singapore Armed Force) has to expand its capabilities in the digital domain. Whether for administrative or operational purposes, I think that we will need to leverage technology to the maximum," he declared.

    Continue reading
  • China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

    FCC urges more action against Huawei and DJI, too

    The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.

    In its announcement of the termination, the government agency explained the decision is necessary because the national security environment has changed in the years since 2002. That was when China Telecom was first allowed to operate in the USA.

    The FCC now believes – partly based on classified advice from national security agencies – that China Telecom can "access, store, disrupt, and/or misroute US communications, which in turn allow them to engage in espionage and other harmful activities against the United States." And because China Telecom is state-controlled, China's government can compel the carrier to act as it sees fit, without judicial review or oversight.

    Continue reading

Biting the hand that feeds IT © 1998–2021