systemd-homed introduced for handling portable home directories

Lennart Poettering presented (PDF) at the All Systems Go 2019 conference a new component of the systemd system manager, systemd-homed, aimed at creating portable user home directories that are separated from the system's settings. The main idea of the project is to create self-contained environments with the user's data that can be moved between different systems without worrying about identifier synchronisation and confidentiality.

The home directory environment ships as a mountable image file whose data is encrypted. The user's credentials are bound to the home directory rather than to system settings: instead of /etc/passwd and /etc/shadow, a profile in JSON format stored in the ~/.identity directory is used. The profile contains the parameters needed for the user to work, including the name, password hash, encryption keys, quotas and allocated resources. The profile can be certified with a digital signature stored on an external Yubikey token.

The parameters can also include additional information such as SSH keys, biometric authentication data, a photo, email, address, time zone, language, process and memory limits, additional mount flags (nodev, noexec, nosuid), information about the IMAP/SMTP servers the user uses, data for enabling parental controls, backup settings and so on. A Varlink API is provided for querying and parsing the parameters.

UID/GID assignment and handling are performed dynamically on each local system to which the home directory is attached. With the proposed system, a user can carry their home directory with them, for example on a flash drive, and get a working environment on any computer without explicitly creating an account on it (the presence of a file containing the home directory image leads to the synthesis of the user).

The LUKS2 subsystem is recommended for data encryption, but systemd-homed also allows other backends, for example for unencrypted directories, Btrfs, Fscrypt and CIFS network shares. The homectl utility is proposed for managing portable directories; it allows creating and mounting home directory images, as well as resizing them and setting the password.

At the system level, operation is provided by the following components:

  • systemd-homed.service - manages the home directory and embeds the JSON records directly into the home directory images;
  • pam_systemd - processes the parameters from the JSON profile when the user logs in and applies them in the context of the session being activated (performs authentication, sets up environment variables, and so on);
  • systemd-logind.service - applies the parameters from the JSON profile when the user logs in, applies various resource-management settings and sets limits;
  • nss-systemd - an NSS module for glibc that synthesizes classic NSS records from the JSON profile, providing backward compatibility with the UNIX user-handling API (/etc/passwd);
  • PID 1 - dynamically creates users (by analogy with the DynamicUser directive in units) and makes them visible to the rest of the system;
  • systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating the records.

The advantages of the proposed system include the ability to handle users when the /etc directory is mounted read-only, no need to reconcile identifiers (UID/GID) between systems, the user's independence from a specific computer, locking of the user's data during sleep mode, and the use of encryption and modern authentication methods. systemd-homed is planned for inclusion in mainline systemd in release 244 or 245.

Example JSON user profile:

{
        "autoLogin" : true,
        "binding" : {
                "15e19cd24e004b949ddaac60c74aa165" : {
                        "fileSystemType" : "ext4",
                        "fileSystemUUID" : "758e88c8-5851-4a2a-b98f-e7474279c111",
                        "gid" : 60232,
                        "homeDirectory" : "/home/test",
                        "imagePath" : "/home/test.home",
                        "luksCipher" : "aes",
                        "luksCipherMode" : "xts-plain64",
                        "luksUUID" : "e63581ba-79fa-4226-b9de-1888393f7573",
                        "luksVolumeKeySize" : 32,
                        "partitionUUID" : "41f9ce04-c927-4b74-a981-c669f93eb4dc",
                        "storage" : "luks",
                        "uid" : 60233
                }
        },
        "disposition" : "regular",
        "enforcePasswordPolicy" : false,
        "lastChangeUSec" : 1565951024279735,
        "memberOf" : [
                "wheel"
        ],
        "privileged" : {
                "hashedPassword" : [
                        "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
                ]
        },
        "signature" : [
                {
                        "data" : "LU/HeVrPZSzi3M3J...==",
                        "key" : "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
                }
        ],
        "userName" : "test",
        "status" : {
                "15e19cf24e004b949dfaac60c74aa165" : {
                        "goodAuthenticationCounter" : 16,
                        "lastGoodAuthenticationUSec" : 1566309343044322,
                        "rateLimitBeginUSec" : 1566309342341723,
                        "rateLimitCount" : 1,
                        "state" : "inactive",
                        "service" : "io.systemd.Home",
                        "diskSize" : 161218667776,
                        "diskCeiling" : 191371729408,
                        "diskFloor" : 5242780,
                        "signedLocally" : true
                }
        }
}
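As an added illustration (not systemd's own code), the following Python snippet does what nss-systemd is described as doing above: it looks up the binding for the local machine ID in a JSON user record and synthesizes a classic passwd entry from it, with sanity checks on the identifiers that a carried-in image must pass. The sample record is constructed from the example above; the user-name rule and the UID range check are assumptions made here, not systemd's rules.

```python
import json
import re

# Constructed sample record modelled on the profile shown in the article
# (password hash and signature omitted; the machine id is the one from the example).
SAMPLE_RECORD = """{
  "userName": "test", "disposition": "regular", "memberOf": ["wheel"],
  "binding": {
    "15e19cd24e004b949ddaac60c74aa165": {
      "fileSystemType": "ext4", "storage": "luks",
      "uid": 60233, "gid": 60232,
      "homeDirectory": "/home/test", "imagePath": "/home/test.home"
    }
  }
}"""

MACHINE_ID_RE = re.compile(r"^[0-9a-f]{32}$")
USER_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # assumed rule, not systemd's
REQUIRED_BINDING_KEYS = ("uid", "gid", "homeDirectory", "storage")


def synthesize_passwd(record_text, machine_id, shell="/bin/sh"):
    """Return (name, uid, gid, home, shell) for the local machine, the way an NSS
    backend would synthesize a classic passwd entry from the JSON record, or None
    when the record has never been bound on this host (UID/GID not assigned yet)."""
    if not MACHINE_ID_RE.match(machine_id):
        raise ValueError("machine id must be 32 lowercase hex digits")
    record = json.loads(record_text)
    name = record.get("userName")
    if not isinstance(name, str) or not USER_NAME_RE.match(name):
        raise ValueError("missing or unsafe userName")  # the image's own name is untrusted input
    binding = record.get("binding", {}).get(machine_id)
    if binding is None:
        return None
    missing = [k for k in REQUIRED_BINDING_KEYS if k not in binding]
    if missing:
        raise ValueError(f"binding for {machine_id} lacks {missing}")
    uid, gid = binding["uid"], binding["gid"]
    # Reject root and out-of-range ids: a portable image must not map onto a system account.
    if not all(isinstance(v, int) and 0 < v < 2**31 for v in (uid, gid)):
        raise ValueError("uid/gid must be positive 31-bit integers")
    if binding["storage"] == "luks" and "imagePath" not in binding:
        raise ValueError("luks storage requires imagePath")
    return (name, uid, gid, binding["homeDirectory"], shell)


def passwd_line(entry):
    """Format a synthesized entry as a classic /etc/passwd line."""
    name, uid, gid, home, shell = entry
    return f"{name}:x:{uid}:{gid}::{home}:{shell}"
```

A record bound on another machine yields None here, which mirrors the article's point that the UID/GID is only assigned when the home directory is first attached to a given system.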

Source: opennet.ru
