systemd-homed introduced for managing portable home directories

At the All Systems Go 2019 conference, Lennart Poettering presented (PDF) a new component of the systemd system manager, systemd-homed, intended to make home directories portable and independent of system settings. The main idea of the project is to create a self-contained environment for user data that can be moved between different systems without worrying about matching identifiers and secrets.

The home directory environment is delivered as a mountable image file whose contents are encrypted. User identity data is tied to the home directory rather than to system settings: instead of /etc/passwd and /etc/shadow, a single profile in JSON format is used, stored in ~/.identity. The profile contains the parameters needed for the user to work, including the name, password hashes, encryption keys, quotas, and allocated resources. The profile can be certified by a digital signature stored on an external YubiKey token.

The parameters can also include additional information such as SSH keys, biometric authentication data, a picture, e-mail address, postal address, time zone, language, process and memory limits, additional mount flags (nodev, noexec, nosuid), IMAP/SMTP server details, parental control settings, backup settings, and so on. An API is provided for querying and parsing the parameters over Varlink.

UID/GID assignment and mapping are performed dynamically on each local system to which the home directory is attached. With the proposed system, a user can carry the home directory, for example on a flash drive, and obtain a working environment on any computer without explicitly creating an account on it (the presence of a file containing the home directory image causes the user to be synthesized).

Using the LUKS2 subsystem for data encryption is recommended, but systemd-homed also allows other backends, for example unencrypted directories, Btrfs, Fscrypt, and CIFS network shares. To manage portable home directories, the homectl utility is proposed, which allows creating and mounting home directory images, as well as resizing them and setting the encryption key.

At the system level, operation is provided by the following components:

  • systemd-homed.service - manages home directories and automatically mounts the home directory images described by the JSON records;
  • pam_systemd - processes the JSON profile parameters when a user logs in and applies them to the context of the opened session (performs authentication, sets environment variables, etc.);
  • systemd-logind.service - processes the JSON profile parameters when a user logs in, applies settings for managing various resources, and sets limits;
  • nss-systemd - an NSS module for glibc that merges the classic NSS records with the JSON profile, providing the legacy UNIX API for user handling (/etc/passwd);
  • PID 1 - dynamically creates users (in addition to the DynamicUser directive in units) and makes them visible to the rest of the system;
  • systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating records.

Advantages of the proposed system include the ability to manage users when the /etc directory is mounted read-only, no need to synchronize identifiers (UID/GID) between systems, the user's independence from a particular computer, locking of user data while the system is suspended, and the use of encryption and modern authentication methods. systemd-homed is planned for inclusion in the main systemd tree in release 244 or 245.

Example JSON user profile:

{
    "autoLogin": true,
    "binding": {
        "15e19cd24e004b949ddaac60c74aa165": {
            "fileSystemType": "ext4",
            "fileSystemUUID": "758e88c8-5851-4a2a-b98f-e7474279c111",
            "gid": 60232,
            "homeDirectory": "/home/test",
            "imagePath": "/home/test.home",
            "luksCipher": "aes",
            "luksCipherMode": "xts-plain64",
            "luksUUID": "e63581ba-79fa-4226-b9de-1888393f7573",
            "luksVolumeKeySize": 32,
            "partitionUUID": "41f9ce04-c927-4b74-a981-c669f93eb4dc",
            "storage": "luks",
            "uid": 60233
        }
    },
    "disposition": "regular",
    "enforcePasswordPolicy": false,
    "lastChangeUSec": 1565951024279735,
    "memberOf": [
        "wheel"
    ],
    "privileged": {
        "hashedPassword": [
            "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
        ]
    },
    "signature": [
        {
            "data": "LU/HeVrPZSzi3M3J...==",
            "key": "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
        }
    ],
    "userName": "test",
    "status": {
        "15e19cf24e004b949dfaac60c74aa165": {
            "goodAuthenticationCounter": 16,
            "lastGoodAuthenticationUSec": 1566309343044322,
            "rateLimitBeginUSec": 1566309342341723,
            "rateLimitCount": 1,
            "state": "inactive",
            "service": "io.systemd.Home",
            "diskSize": 161218667776,
            "diskCeiling": 191371729408,
            "diskFloor": 5242780,
            "signedLocally": true
        }
    }
}
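A record like the one above is the only thing a host knows about a foreign home image before it activates it, so it is worth checking before trusting it. The following Python script is an added example and not code from systemd or from the article: it parses a record shaped like the example, selects the per-machine "binding" block, reports whether the storage backend is encrypted, whether the password hash uses a strong crypt(3) scheme, whether the recorded UID clashes with an existing local account, and which local UID to use instead, which illustrates the dynamic UID/GID mapping described earlier. The field names follow the article's record; the sample record, the machine ID, the UID range and all helper names are constructed here.

```python
"""Lint a systemd-homed style JSON user record before trusting it.

Added example, not code from systemd or from the article. Field names follow
the article's record; the sample record, machine ID, UID range and helper
names are constructed here.
"""
import json

SAMPLE_MACHINE_ID = "0123456789abcdef0123456789abcdef"  # constructed machine ID

# Constructed sample modelled on the article's record; elided values replaced.
SAMPLE_RECORD = json.dumps({
    "autoLogin": True,
    "binding": {
        SAMPLE_MACHINE_ID: {
            "fileSystemType": "ext4",
            "gid": 60232,
            "homeDirectory": "/home/test",
            "imagePath": "/home/test.home",
            "luksCipher": "aes",
            "luksCipherMode": "xts-plain64",
            "luksVolumeKeySize": 32,
            "storage": "luks",
            "uid": 60233,
        }
    },
    "disposition": "regular",
    "enforcePasswordPolicy": False,
    "memberOf": ["wheel"],
    "privileged": {"hashedPassword": ["$6$constructedsalt$constructedhash"]},
    "userName": "test",
})

# Backends the article lists that keep data encrypted at rest.
ENCRYPTED_BACKENDS = {"luks", "fscrypt"}
# crypt(3) prefixes treated as strong: sha512crypt, yescrypt, scrypt, bcrypt.
STRONG_HASH_PREFIXES = ("$6$", "$y$", "$7$", "$2b$")
# Assumed range from which the local machine allocates home UIDs.
HOME_UID_RANGE = range(60001, 60514)


def load_record(text):
    """Parse the JSON user record into a dict."""
    return json.loads(text)


def binding_for(record, machine_id):
    """Return the per-machine binding block, or None if this machine is unknown."""
    return record.get("binding", {}).get(machine_id)


def check_record(record, machine_id, local_uids):
    """Return a list of findings; an empty list means nothing looked risky."""
    binding = binding_for(record, machine_id)
    if binding is None:
        return ["no binding for machine %s; UID/GID must be assigned locally" % machine_id]

    findings = []
    storage = binding.get("storage")
    if storage not in ENCRYPTED_BACKENDS:
        findings.append("storage backend %r is not encrypted" % storage)

    for h in record.get("privileged", {}).get("hashedPassword", []):
        if not h.startswith(STRONG_HASH_PREFIXES):
            findings.append("weak password hash scheme %r" % h[:3])

    if not record.get("enforcePasswordPolicy", False):
        findings.append("enforcePasswordPolicy is disabled")

    uid = binding.get("uid")
    if uid in local_uids:
        findings.append("uid %d collides with a local account" % uid)

    if binding.get("homeDirectory") != "/home/" + record.get("userName", ""):
        findings.append("homeDirectory %r does not match userName" % binding.get("homeDirectory"))

    if record.get("autoLogin") and "wheel" in record.get("memberOf", []):
        findings.append("autoLogin is enabled for a member of the wheel group")
    return findings


def pick_local_uid(record_uid, local_uids, uid_range=HOME_UID_RANGE):
    """Keep the record's UID if it is free locally, else take the first free UID in range."""
    if record_uid not in local_uids:
        return record_uid
    for uid in uid_range:
        if uid not in local_uids:
            return uid
    raise RuntimeError("no free UID in the home UID range")


if __name__ == "__main__":
    rec = load_record(SAMPLE_RECORD)
    local = {0, 1000, 60233}  # constructed local account table; 60233 is already taken
    for line in check_record(rec, SAMPLE_MACHINE_ID, local):
        print("finding:", line)
    print("local uid:", pick_local_uid(binding_for(rec, SAMPLE_MACHINE_ID)["uid"], local))
```

The checks are deliberately conservative: a record with no binding for the current machine is not an error, it is the normal first-contact case the article describes, where the host must allocate the UID/GID itself, which is what pick_local_uid does when the recorded UID is already in use.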

Source: opennet.ru
