Systemd developer Lennart Poettering has presented plans to make home directories portable and encrypted through a specialized system service. Users should be able to have the directory on a USB stick.
“I’m Lennart Poettering and today I’m taking away your home directories,” the Systemd developer joked at the beginning of his talk at this year’s Linux userspace conference, All Systems Go, aware of his controversial role in Linux. Community. The concrete goal of this somewhat vague announcement is not only to better protect the home directory via encryption, but also to make it portable. He wants to take his home directory on a USB stick, put it on another computer with a Linux and use it there.
The newly created Systemd-Homed service is not intended to abolish traditional home directories, but to complement portable and encrypted directories as an option. The service specifically targets laptops and enterprise use. All metadata about the users should then actually be in the home directory. External dependencies in the rest of the file system should no longer exist.
Systemd-homed offers several backends for the home directories. The targets are normal directories, Btrfs subvolumes or even Cifs mounts. In this case the user records are unencrypted and available in JSON format as ~ / .identity files. They are signed and normal users are not allowed to change them. The host has its own user records, which the host then matches with the user records of the home partition. If the signature is not known on the host, it does not mount the home image for security reasons. However, system administrators may manually add the signature.
Encrypted home directory
However, what Lennart Poettering and his colleagues are really up to is the fact that privileged services like the Apache server on ordinary Linux systems can easily access private data in the home directory. Therefore, systemd-homed should also enable the encryption of partitions. Besides FS-Crypt also LUKS2 should be used.
The system makers want to mount the encrypted home image as a loopback device. Canonical’s Snap Package format is already using this technology successfully and without much overhead, Poettering told Linux magazine. The encrypted user record should be in the LUKS2 header. This allows the kernel to validate the home image before hanging it up and, if necessary, to reject it.
At the same time, he wants to encrypt the home via LUKS2 as soon as the computer goes into suspend-to-RAM mode. The user password should also be used for decrypting encrypted home directories. The code, according to Lennart Poettering already exists to a large extent, he is found in his Github branch of Systemd.
Difficult to solve problems
In order to put the plan into action, however, some problems had to be solved, because the Home and the associated configuration files have grown historically. Thus, the user IDs differ from Linux system to Linux system and are then also bound to a user name. Although systemd-homed allocates quite unique UIDs for the home partitions, they are not unique enough. That’s a requirement of the kernel, according to Poettering. If UIDs exist twice on the host, systemd-homed assigns a new UID and executes the chown command recursively.
Also, the authentication is outdated: Because / etc / passwd can not extend, auxiliary databases were created for other purposes, such as SSH key, samba and PAM. To be portable, the UID assignment of the home service would have to take place locally, if the user hangs up his home directory, and on each system, which Poettering called a “difficult problem”. For example, SSH can only be used if the user has identified himself with the system. The SSH keys can also be accommodated in the user records according to the specification.
Via | ASG 2019 ( PDF )