systemd-homed proposed for managing portable home directories

Lennart Poettering presented (PDF) at the All Systems Go 2019 conference a new component of the systemd system manager, systemd-homed, intended to make user home directories portable and independent of system configuration. The core idea of the project is a self-contained container for user data that can be moved between systems without having to worry about keeping identifiers in sync or about privacy.

The home directory is delivered as a mountable image file whose contents are encrypted. User credentials are bound to the home directory rather than to the system: instead of entries in /etc/passwd and /etc/shadow, a JSON-format profile stored in the ~/.identity file inside the home directory is used. The profile carries the parameters needed to operate the account, including the user name, password hash, encryption keys, quotas and allocated resources. The profile can be certified with a digital signature whose key is stored on an external YubiKey token.

The profile can also include additional information such as SSH keys, biometric authentication data, a photo, e-mail address, postal address, time zone, language, process and memory limits, extra mount flags (nodev, noexec, nosuid), the IMAP/SMTP servers the user uses, parental-control settings, backup options and so on. A Varlink API is provided for querying and parsing these parameters.

UID/GID assignment is performed dynamically on each system the home directory is mounted on. With the proposed scheme a user can carry their home directory with them, for example on a flash drive, and obtain a working environment on any computer without first creating an account there: the presence of a file containing a home directory image is what causes the user to be added.

LUKS2 is the proposed format for encrypting the data, but systemd-homed also allows other storage backends, for example plain unencrypted directories, Btrfs subvolumes, fscrypt and CIFS network shares. Portable directories are managed with the homectl utility, which can create and activate home directory images, resize them and set the password.

At the system level, operation is provided by the following components:

  • systemd-homed.service - manages home directories and embeds the JSON record directly into the home image;
  • pam_systemd - processes the parameters of the JSON profile at login and applies them in the context of the session being activated (performs authentication, sets environment variables, etc.);
  • systemd-logind.service - processes the parameters of the JSON profile at login, applies the various resource-control settings and enforces limits;
  • nss-systemd - an NSS module for glibc that synthesizes classic NSS records from the JSON profile, providing backward compatibility with the traditional UNIX user management API (/etc/passwd);
  • PID 1 - creates users dynamically (by analogy with the DynamicUser= directive in units) and makes them visible to the rest of the system;
  • systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating records.
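The Varlink interface of systemd-userdbd is the single entry point that pam_systemd, nss-systemd and homectl all use to fetch records. The following Python is an added example (not systemd code) of that exchange: the client sends io.systemd.UserDatabase.GetUserRecord as a NUL-terminated JSON message over a UNIX socket and reads the NUL-terminated reply, and a small stand-in server answers it so the exchange can be run without systemd. On a real host the multiplexer socket is /run/systemd/userdb/io.systemd.Multiplexer and the service name io.systemd.Multiplexer fans the query out to all backends; the stand-in server, the temporary socket path and the sample record are assumptions made for the example.

```python
"""Querying the systemd userdb Varlink API for a user record.

Added example, not systemd code. A stand-in server replaces systemd-userdbd so
the exchange runs offline; framing and method/error names are those of the
io.systemd.UserDatabase interface.
"""
import json
import os
import socket
import tempfile
import threading

# Socket of the real service; the stand-in below listens on a temporary path.
USERDB_SOCKET = "/run/systemd/userdb/io.systemd.Multiplexer"

# Constructed sample record, trimmed to what the stand-in needs.
SAMPLE_RECORDS = {
    "test": {
        "userName": "test",
        "disposition": "regular",
        "binding": {"15e19cf24e004b949ddaac60c74aa165": {
            "uid": 60233, "gid": 60232, "homeDirectory": "/home/test"}},
    }
}


def send_message(sock, obj):
    """Varlink framing: one JSON object terminated by a single NUL byte."""
    sock.sendall(json.dumps(obj).encode() + b"\0")


def recv_message(sock):
    """Read up to the NUL terminator and decode the JSON object before it."""
    buf = bytearray()
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection before the NUL terminator")
        buf += chunk
        end = buf.find(b"\0")
        if end != -1:
            return json.loads(bytes(buf[:end]))


def get_user_record(user_name, socket_path=USERDB_SOCKET, service="io.systemd.Multiplexer"):
    """Call io.systemd.UserDatabase.GetUserRecord; return None when no record exists."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(socket_path)
        send_message(s, {
            "method": "io.systemd.UserDatabase.GetUserRecord",
            "parameters": {"userName": user_name, "service": service},
        })
        reply = recv_message(s)
    error = reply.get("error")
    if error == "io.systemd.UserDatabase.NoRecordFound":
        return None
    if error is not None:
        raise RuntimeError(f"userdb call failed: {error}")
    return reply["parameters"]["record"]


class StubUserdb:
    """Stand-in for systemd-userdbd that answers GetUserRecord from a dict (constructed)."""

    def __init__(self, records):
        self.records = records
        self.dir = tempfile.mkdtemp()
        self.path = os.path.join(self.dir, "io.systemd.Multiplexer")
        self.srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.srv.bind(self.path)
        self.srv.listen(4)
        self.srv.settimeout(0.1)          # lets the accept loop notice close()
        self.stop = threading.Event()
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        while not self.stop.is_set():
            try:
                conn, _ = self.srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    send_message(conn, self._handle(recv_message(conn)))
                except (ConnectionError, ValueError):
                    pass                  # malformed or aborted request: drop it

    def _handle(self, request):
        if request.get("method") != "io.systemd.UserDatabase.GetUserRecord":
            return {"error": "org.varlink.service.MethodNotFound"}
        params = request.get("parameters", {})
        if params.get("service") not in ("io.systemd.Multiplexer", "io.systemd.Home"):
            return {"error": "io.systemd.UserDatabase.BadService"}
        record = self.records.get(params.get("userName"))
        if record is None:
            return {"error": "io.systemd.UserDatabase.NoRecordFound"}
        return {"parameters": {"record": record, "incomplete": False}}

    def close(self):
        self.stop.set()
        self.thread.join()
        self.srv.close()
        os.unlink(self.path)
        os.rmdir(self.dir)


if __name__ == "__main__":
    stub = StubUserdb(SAMPLE_RECORDS)
    try:
        print(json.dumps(get_user_record("test", stub.path), indent=2))
        print(get_user_record("nobody-here", stub.path))
    finally:
        stub.close()
```

Against the real daemon, drop the stand-in and call get_user_record("test") with the default socket path; the reply for an unknown user is the NoRecordFound error rather than an empty record, which is why the client maps exactly that error to None and raises on anything else.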

The advantages of the proposed scheme include the ability to manage users while /etc is mounted read-only, no need to synchronize identifiers (UID/GID) between systems, independence of the user from a particular computer, locking of the user's data while the system is suspended, and the use of modern encryption and authentication methods. systemd-homed is planned for inclusion in the main branch in release 244 or 245.

Example JSON user record:

{
    "autoLogin" : true,
    "binding" : {
        "15e19cf24e004b949ddaac60c74aa165" : {
            "fileSystemType" : "ext4",
            "fileSystemUUID" : "758e88c8-5851-4a2a-b98f-e7474279c111",
            "gid" : 60232,
            "homeDirectory" : "/home/test",
            "imagePath" : "/home/test.home",
            "luksCipher" : "aes",
            "luksCipherMode" : "xts-plain64",
            "luksUUID" : "e63581ba-79fa-4226-b9de-1888393f7573",
            "luksVolumeKeySize" : 32,
            "partitionUUID" : "41f9ce04-c927-4b74-a981-c669f93eb4dc",
            "storage" : "luks",
            "uid" : 60233
        }
    },
    "disposition" : "regular",
    "enforcePasswordPolicy" : false,
    "lastChangeUSec" : 1565951024279735,
    "memberOf" : [
        "wheel"
    ],
    "privileged" : {
        "hashedPassword" : [
            "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
        ]
    },
    "signature" : [
        {
            "data" : "LU/HeVrPZSzi3M3J...==",
            "key" : "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
        }
    ],
    "userName" : "test",
    "status" : {
        "15e19cf24e004b949ddaac60c74aa165" : {
            "goodAuthenticationCounter" : 16,
            "lastGoodAuthenticationUSec" : 1566309343044322,
            "rateLimitBeginUSec" : 1566309342341723,
            "rateLimitCount" : 1,
            "state" : "inactive",
            "service" : "io.systemd.Home",
            "diskSize" : 161218667776,
            "diskCeiling" : 191371729408,
            "diskFloor" : 5242780,
            "signedLocally" : true
        }
    }
}
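A record of this shape is what nss-systemd has to turn into a classic passwd entry, and also what an unprivileged NSS client must never receive in full, since the "privileged" section carries the password hash. The following Python is an added example (not systemd code) of consuming such a record on one host: it selects the "binding" section for the local machine ID, checks the dynamically assigned UID/GID against the range systemd reserves for homed users, synthesizes the passwd line, builds a stripped view without the privileged data and signature, and evaluates the rate-limit counters from the "status" section. The machine ID, the default shell, the rate-limit window and burst size, the policy of what an unprivileged client may see, and the trimmed sample record are all assumptions made for the example.

```python
"""Consuming a systemd-homed JSON user record on the local host.

Added example, not systemd code. Assumptions are marked inline.
"""
import json

# UID/GID range that systemd reserves for users managed by systemd-homed.
HOMED_UID_MIN, HOMED_UID_MAX = 60001, 60513

# Assumed contents of /etc/machine-id on the host evaluating the record.
LOCAL_MACHINE_ID = "15e19cf24e004b949ddaac60c74aa165"

# Constructed sample in the shape of the record above (hash/signature abbreviated).
SAMPLE_RECORD = {
    "userName": "test",
    "disposition": "regular",
    "memberOf": ["wheel"],
    "binding": {
        LOCAL_MACHINE_ID: {
            "storage": "luks", "imagePath": "/home/test.home",
            "homeDirectory": "/home/test", "uid": 60233, "gid": 60232,
        },
        "0123456789abcdef0123456789abcdef": {      # binding made on some other host
            "homeDirectory": "/home/test", "uid": 60500, "gid": 60500,
        },
    },
    "privileged": {"hashedPassword": ["$6$WHBKvAFFT9jKPA4k$OPY4D5.../"]},
    "signature": [{"data": "LU/HeVrPZSzi3M3J...==",
                   "key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n"}],
    "status": {
        LOCAL_MACHINE_ID: {
            "goodAuthenticationCounter": 16,
            "rateLimitBeginUSec": 1566309342341723,
            "rateLimitCount": 1,
            "state": "inactive",
            "service": "io.systemd.Home",
        }
    },
}


class RecordError(ValueError):
    """Raised when a record cannot be used on this host."""


def local_binding(record, machine_id=LOCAL_MACHINE_ID):
    """Return the per-machine binding section for this host."""
    binding = record.get("binding", {}).get(machine_id)
    if binding is None:
        raise RecordError(f"{record.get('userName')!r}: no binding for machine {machine_id}")
    return binding


def check_ids(binding):
    """Reject a binding whose UID/GID are not in the range homed hands out."""
    uid, gid = binding.get("uid"), binding.get("gid")
    for name, value in (("uid", uid), ("gid", gid)):
        if not isinstance(value, int) or not HOMED_UID_MIN <= value <= HOMED_UID_MAX:
            raise RecordError(f"{name}={value!r} outside homed range {HOMED_UID_MIN}-{HOMED_UID_MAX}")
    return uid, gid


def synthesize_passwd(record, machine_id=LOCAL_MACHINE_ID, default_shell="/bin/bash"):
    """Build the passwd(5) line an NSS module would expose for this record.

    "realName" and "shell" are optional record fields; the default shell is an assumption.
    """
    binding = local_binding(record, machine_id)
    uid, gid = check_ids(binding)
    fields = [record["userName"], "x", str(uid), str(gid),
              record.get("realName", ""), binding["homeDirectory"],
              record.get("shell", default_shell)]
    for f in fields:
        if ":" in f or "\n" in f:          # would inject extra passwd fields or lines
            raise RecordError(f"field {f!r} would corrupt the passwd line")
    return ":".join(fields)


def public_view(record, machine_id=LOCAL_MACHINE_ID):
    """Copy safe to hand to an unprivileged client (assumed policy): no password
    hashes or signatures, and only this host's binding/status sections."""
    view = json.loads(json.dumps(record))       # deep copy via JSON round-trip
    view.pop("privileged", None)
    view.pop("signature", None)
    for section in ("binding", "status"):
        if section in view:
            view[section] = {m: v for m, v in view[section].items() if m == machine_id}
    return view


def authentication_rate_limited(status, now_usec, interval_usec=60_000_000, burst=10):
    """True if another password attempt should be refused right now.

    Uses rateLimitBeginUSec/rateLimitCount from the status section; the window
    length and burst size are assumptions, not homed's actual defaults.
    """
    begin = status.get("rateLimitBeginUSec", 0)
    count = status.get("rateLimitCount", 0)
    if now_usec - begin >= interval_usec:
        return False                            # window expired, counter restarts
    return count >= burst


if __name__ == "__main__":
    print(synthesize_passwd(SAMPLE_RECORD))
    print(json.dumps(public_view(SAMPLE_RECORD), indent=2))
```

Two of the checks matter more than they look: the passwd synthesis refuses any field containing ":" or a newline, because a record that arrives on a flash drive is attacker-controlled input to the NSS layer, and the UID/GID range check rejects a binding that would collide with locally allocated identifiers.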

source: budenet.ru
