systemd-homed introduced for managing portable home directories

At the All Systems Go 2019 conference, Lennart Poettering presented (PDF) a new component of the systemd system manager, systemd-homed, aimed at making user home directories portable and separate from the system configuration. The main idea of the project is to create self-contained environments for user data that can be moved between different systems without worrying about identifier synchronization or disclosure of confidential data.

The home directory environment comes in the form of a mounted image file whose contents are encrypted. User credentials are bound to the home directory rather than to the system configuration: instead of /etc/passwd and /etc/shadow, a profile in JSON format stored in ~/.identity is used. The profile contains the parameters needed for the user's work, including the name, password hash, encryption keys, quotas, and resource allocation. The profile can be certified with a digital signature stored on an external Yubikey token.

The profile can also include additional data such as SSH keys, biometric authentication data, a picture, e-mail, address, time zone, language, process and memory limits, additional mount flags (nodev, noexec, nosuid), information about the user's IMAP/SMTP servers, parental control settings, backup options, and more. An API is provided for requesting and verifying the parameters via Varlink.

UID/GID assignment and conflict resolution are performed on each local system to which the home directory is attached. Using the proposed scheme, a user can carry the home directory around, for example on a flash drive, and get a working environment on any computer without an account having been created for them there (the presence of a file containing the home directory image leads to the user being synthesized).

LUKS2 is proposed for data encryption, but systemd-homed also allows other backends, for example for unencrypted directories, Btrfs, Fscrypt and CIFS network shares. To manage the storage, the homectl utility is provided, which allows creating and activating home directory images, as well as changing their size and setting the password.

At the system level, operation is provided by the following components:

  • systemd-homed.service - manages the home directory and embeds the JSON data directly into the home directory image;
  • pam_systemd - processes the parameters from the JSON profile when the user logs in and applies them in the context of the opened session (performs authentication, sets environment variables, etc.);
  • systemd-logind.service - processes the parameters from the JSON profile when the user logs in, applies the various resource management settings and sets limits;
  • nss-systemd - an NSS module for glibc that synthesizes classic NSS records from the JSON profile, providing backward compatibility with the UNIX user API (/etc/passwd);
  • PID 1 - dynamically creates users (by analogy with the DynamicUser directive in units) and makes them visible to the rest of the system;
  • systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and iterating over records.

The stated advantages of the proposed scheme include the ability to manage users while /etc and other system directories are mounted read-only, no need to synchronize identifiers (UID/GID) between systems, user independence from a particular computer, locking of user data while the system is suspended, and the use of encryption and modern authentication methods. systemd-homed is planned for inclusion in mainline systemd in release 244 or 245.

Example of a JSON user profile:

{
  "autoLogin" : true,
  "binding" : {
    "15e19cd24e004b949ddaac60c74aa165" : {
      "fileSystemType" : "ext4",
      "fileSystemUuid" : "758e88c8-5851-4a2a-b98f-e7474279c111",
      "gid" : 60232,
      "homeDirectory" : "/home/test",
      "imagePath" : "/home/test.home",
      "luksCipher" : "aes",
      "luksCipherMode" : "xts-plain64",
      "luksUuid" : "e63581ba-79fa-4226-b9de-1888393f7573",
      "luksVolumeKeySize" : 32,
      "partitionUuid" : "41f9ce04-c927-4b74-a981-c669f93eb4dc",
      "storage" : "luks",
      "uid" : 60233
    }
  },
  "disposition" : "regular",
  "enforcePasswordPolicy" : false,
  "lastChangeUSec" : 1565951024279735,
  "memberOf" : [
    "wheel"
  ],
  "privileged" : {
    "hashedPassword" : [
      "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
    ]
  },
  "signature" : [
    {
      "data" : "LU/HeVrPZSzi3M3J...==",
      "key" : "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
    }
  ],
  "userName" : "test",
  "status" : {
    "15e19cf24e004b949dfaac60c74aa165" : {
      "goodAuthenticationCounter" : 16,
      "lastGoodAuthenticationUSec" : 1566309343044322,
      "rateLimitBeginUSec" : 1566309342341723,
      "rateLimitCount" : 1,
      "state" : "inactive",
      "service" : "io.systemd.Home",
      "diskSize" : 161218667776,
      "diskCeiling" : 191371729408,
      "diskFloor" : 5242780,
      "signedLocally" : true
    }
  }
}
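As an added illustration (not code from the page or from systemd itself), the helper below does what the nss-systemd description and the JSON example above imply: it takes the UID/GID that the local machine recorded in the profile's "binding" section and synthesizes a classic passwd(5) line, and it drops the "privileged" section before the record is handed out. The sample record is constructed from the page's example; the realName and shell fields are assumed from the JSON user record format.

```python
import json
from typing import Optional

# Constructed sample record: the page's example trimmed to the fields this
# helper needs. Machine ID, UID and GID are the values shown on the page.
SAMPLE_RECORD = json.loads("""{
  "userName": "test",
  "disposition": "regular",
  "memberOf": ["wheel"],
  "privileged": {"hashedPassword": ["$6$constructed-placeholder"]},
  "binding": {
    "15e19cd24e004b949ddaac60c74aa165": {
      "homeDirectory": "/home/test", "uid": 60233, "gid": 60232, "storage": "luks"
    }
  }
}""")


def synthesize_passwd(record: dict, machine_id: str) -> Optional[str]:
    """Build a passwd(5) line from a JSON user record, the way nss-systemd is
    described as doing. UID and GID are read from the "binding" entry of the
    local machine, because they are assigned per system and may differ on
    another host. Returns None if this machine never bound the record."""
    binding = record.get("binding", {}).get(machine_id)
    if binding is None:
        return None
    name = record["userName"]
    # realName and shell are assumed spec fields; fall back to sane defaults.
    gecos = record.get("realName", name)
    home = binding.get("homeDirectory") or record.get("homeDirectory", f"/home/{name}")
    shell = record.get("shell", "/bin/sh")
    # "x" in the password field: the hash stays in the privileged section and
    # is never copied into the synthesized passwd entry.
    return f"{name}:x:{binding['uid']}:{binding['gid']}:{gecos}:{home}:{shell}"


def strip_privileged(record: dict) -> dict:
    """Copy of the record without the "privileged" section (password hashes
    and similar secrets), suitable for returning to an unprivileged caller."""
    return {k: v for k, v in record.items() if k != "privileged"}


if __name__ == "__main__":
    local_id = "15e19cd24e004b949ddaac60c74aa165"
    print(synthesize_passwd(SAMPLE_RECORD, local_id))
    print(json.dumps(strip_privileged(SAMPLE_RECORD), indent=2))
```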

Source: opennet.ru
