systemd-homed introduced for managing home directories

At the All Systems Go 2019 conference, Lennart presented (PDF) a new component of the systemd system manager, systemd-homed, designed to make the user's home directory portable and independent of the system configuration. The core idea of the project is to create self-contained environments for user data that can be moved between different systems without having to worry about synchronizing identifiers or about confidentiality.

The home directory is delivered as a mounted image file whose data is encrypted. The user's credentials are tied to the home directory rather than to the system configuration: instead of /etc/passwd and /etc/shadow, a profile in JSON format stored in the ~/.identity directory is used. The profile holds the parameters the user needs to work, including the user name, password hash, encryption keys, quotas and allocated resources. The profile can be certified with a digital signature held on an external Yubikey token.

The parameters can also include additional information such as SSH keys, biometric authentication data, an avatar, email address, postal address, time zone, language, process and memory limits, additional mount flags (nodev, noexec, nosuid), the user's IMAP/SMTP server details, parental-control settings, backup options, and so on. An API is provided for requesting and parsing the parameters over Varlink.

UID/GID assignment is performed dynamically on every local system to which the home directory is attached. With the proposed scheme, a user can carry their home directory with them, for example on a USB flash drive, and get a working environment on any computer without creating an account on it: the presence of the file containing the home directory image is what brings the user into existence on that system.

LUKS2 is the recommended encryption mechanism, but systemd-homed also allows other backends, for example unencrypted directories, Btrfs, fscrypt and CIFS network shares. Directories are managed with the homectl utility, which lets you create and activate home directory images, resize them and set passwords.

At the system level, the work is handled by the following components:

  • systemd-homed.service - manages home directories and embeds the JSON records directly into the home directory images;
  • pam_systemd - processes the parameters from the JSON profile when the user logs in and applies them in the context of the started session (performs authentication, sets environment variables, etc.);
  • systemd-logind.service - processes settings from the JSON profile at user login, applies the various resource-management settings and enforces quotas;
  • nss-systemd - an NSS module for glibc that synthesizes classic NSS records from the JSON profile, providing backward compatibility with the UNIX user-handling API (/etc/passwd);
  • PID 1 - creates dynamic users (in combination with the DynamicUser directive in units) and makes them visible to the rest of the system;
  • systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating records.

Advantages of the proposed scheme include the ability to manage users while /etc is mounted read-only, no need to synchronize identifiers (UID/GID) between systems, the user's independence from any particular computer, locking of the user's data while the system is suspended, and the use of encryption and modern authentication methods. systemd-homed is planned for inclusion in systemd in release 244 or 245.

Example of a JSON user profile:

{
    "autoLogin": true,
    "binding": {
        "15e19cd24e004b949ddaac60c74aa165": {
            "fileSystemType": "ext4",
            "fileSystemUUID": "758e88c8-5851-4a2a-b98f-e7474279c111",
            "gid": 60232,
            "homeDirectory": "/home/test",
            "imagePath": "/home/test.home",
            "luksCipher": "aes",
            "luksCipherMode": "xts-plain64",
            "luksUUID": "e63581ba-79fa-4226-b9de-1888393f7573",
            "luksVolumeKeySize": 32,
            "partitionUUID": "41f9ce04-c927-4b74-a981-c669f93eb4dc",
            "storage": "luks",
            "uid": 60233
        }
    },
    "disposition": "regular",
    "enforcePasswordPolicy": false,
    "lastChangeUSec": 1565951024279735,
    "memberOf": [
        "wheel"
    ],
    "privileged": {
        "hashedPassword": [
            "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
        ]
    },
    "signature": [
        {
            "data": "LU/HeVrPZSzi3M3J...==",
            "key": "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
        }
    ],
    "userName": "test",
    "status": {
        "15e19cf24e004b949dfaac60c74aa165": {
            "goodAuthenticationCounter": 16,
            "lastGoodAuthenticationUSec": 1566309343044322,
            "rateLimitBeginUSec": 1566309342341723,
            "rateLimitCount": 1,
            "state": "inactive",
            "service": "io.systemd.Home",
            "diskSize": 161218667776,
            "diskCeiling": 191371729408,
            "diskFloor": 5242780,
            "signedLocally": true
        }
    }
}
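As an added example (not part of the original article or of systemd's own code), a dependency-free Python check that reads a record in this format and reports the things a reviewer of a portable home would look at: the per-machine binding, the hash scheme in the privileged section, whether the record is signed, and the rate-limit counter in the status section. The machine ID, the thresholds and the placeholder hash and signature strings are assumptions.

```python
import json
import re

# Constructed sample, modelled on the record shown above; the machine ID and
# the hash/signature strings are placeholders, not real values.
MACHINE_ID = "15e19cf24e004b949ddaac60c74aa165"
SAMPLE_RECORD = json.dumps({
    "userName": "test", "disposition": "regular",
    "enforcePasswordPolicy": False, "memberOf": ["wheel"],
    "binding": {MACHINE_ID: {"uid": 60233, "gid": 60232, "storage": "luks",
                             "homeDirectory": "/home/test"}},
    "privileged": {"hashedPassword": ["$6$WHBKvAFFT9jKPA4k$placeholder/"]},
    "signature": [{"data": "placeholder==", "key": "-----BEGIN PUBLIC KEY-----\n"}],
    "status": {MACHINE_ID: {"state": "inactive", "rateLimitCount": 1}},
})

# crypt(3) schemes this check accepts (assumed local policy):
# $6$ = sha512crypt, $y$/$7$/$gy$ = yescrypt/scrypt/gost-yescrypt
STRONG_HASH = re.compile(r"^\$(6|y|7|gy)\$")

def audit_record(text, machine_id=MACHINE_ID, max_failures=10):
    """Check a systemd-homed style user record; returns a list of findings."""
    rec = json.loads(text)
    findings = []
    if rec.get("disposition") != "regular":
        findings.append("disposition is not 'regular'")
    # Per-host section: UID/GID, storage backend and home path for this machine
    binding = rec.get("binding", {}).get(machine_id)
    if binding is None:
        findings.append("no binding for this machine")
    else:
        for key in ("uid", "gid"):
            if not isinstance(binding.get(key), int) or binding[key] < 1000:
                findings.append(f"{key} missing or below 1000 in binding")
        if binding.get("storage") != "luks":
            findings.append(f"storage {binding.get('storage')!r} is not luks")
    # Privileged section: password hashes must use a modern crypt scheme
    hashes = rec.get("privileged", {}).get("hashedPassword", [])
    if not hashes:
        findings.append("no hashedPassword in privileged section")
    findings += [f"weak hash scheme {h[:3]!r}" for h in hashes if not STRONG_HASH.match(h)]
    if not rec.get("signature"):
        findings.append("record is unsigned")
    if rec.get("enforcePasswordPolicy") is False:
        findings.append("password policy enforcement disabled")
    # Status section: a high rate-limit counter points at repeated failed logins
    status = rec.get("status", {}).get(machine_id, {})
    if status.get("rateLimitCount", 0) >= max_failures:
        findings.append(f"rateLimitCount {status['rateLimitCount']} >= {max_failures}")
    return findings
```

Running it on the sample above flags only the disabled password policy; a record with a `$1$` hash, an unencrypted backend or no binding for the local machine produces additional findings.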

Source: opennet.ru
