systemd-homed introduced for managing portable home directories

At the All Systems Go 2019 conference, Lennart Poettering presented (PDF) a new component of the systemd system manager, systemd-homed, intended to make users' home directories portable and independent of the system configuration. The central idea of the project is self-contained storage for user data that can be moved between different systems without having to worry about reconciling identifiers or about confidentiality.

The home directory storage takes the form of a mountable image file whose contents are kept encrypted. The user's credentials are tied to the home directory rather than to the system configuration: instead of /etc/passwd and /etc/shadow, a profile in JSON format is used, stored in the ~/.identity directory. The profile holds the parameters needed for the user to work, including the user name, password hash, encryption keys, quotas and granted resources. The profile can be certified with a digital signature kept on an external Yubikey token.

The parameters can also cover other data such as SSH keys, biometric authentication data, a picture, e-mail address, postal address, time zone, language, process and memory limits, additional mount flags (nodev, noexec, nosuid), IMAP/SMTP account details, information on whether parental controls are enabled, backup options, and so on. A Varlink API is provided for querying and passing the parameters.

UID/GID allocation and handling is done dynamically on each local system the home directory is attached to. With the proposed system a user can carry their home directory with them, for example on a flash drive, and get a working environment on any computer without creating an account on it (the presence of a home directory image file is enough for the user to be brought into the system).

The LUKS2 subsystem is proposed for data encryption, but systemd-homed also allows other backends, for example unencrypted directories, Btrfs, Fscrypt and CIFS network shares. To manage portable home directories the homectl utility is provided, which lets you create and activate home directory images, as well as resize them and set a password.

At the system level, operation is provided by the following components:

  • systemd-homed.service - manages home directories and embeds the JSON records directly into the home directory images;
  • pam_systemd - processes the parameters from the JSON profile at user login and applies them to the login session (performs authentication, sets up various environment settings, etc.);
  • systemd-logind.service - processes the settings from the JSON profile at user login, applies various resource-control settings and sets limits;
  • nss-systemd - an NSS module for glibc that synthesizes classic NSS records from the JSON profile, providing backward compatibility with the UNIX user-handling API (/etc/passwd);
  • PID 1 - creates users dynamically (by analogy with the use of the DynamicUser directive in units) and makes them visible to the whole system;
  • systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and enumerating the records.

The advantages of the proposed system include the ability to manage users while /etc is mounted read-only, no need to coordinate identifiers (UID/GID) between systems, the user's independence from any particular computer, locking of user data during sleep mode, and the use of encryption and modern authentication methods. systemd-homed is planned for inclusion in mainline systemd in release 244 or 245.

Example of a JSON user profile:

{
    "autoLogin" : true,
    "binding" : {
        "15e19cd24e004b949ddaac60c74aa165" : {
            "fileSystemType" : "ext4",
            "fileSystemUUID" : "758e88c8-5851-4a2a-b98f-e7474279c111",
            "gid" : 60232,
            "homeDirectory" : "/home/test",
            "imagePath" : "/home/test.home",
            "luksCipher" : "aes",
            "luksCipherMode" : "xts-plain64",
            "luksUUID" : "e63581ba-79fa-4226-b9de-1888393f7573",
            "luksVolumeKeySize" : 32,
            "partitionUUID" : "41f9ce04-c927-4b74-a981-c669f93eb4dc",
            "storage" : "luks",
            "uid" : 60233
        }
    },
    "disposition" : "regular",
    "enforcePasswordPolicy" : false,
    "lastChangeUSec" : 1565951024279735,
    "memberOf" : [
        "wheel"
    ],
    "privileged" : {
        "hashedPassword" : [
            "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
        ]
    },
    "signature" : [
        {
            "data" : "LU/HeVrPZSzi3M3J...==",
            "key" : "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
        }
    ],
    "userName" : "test",
    "status" : {
        "15e19cf24e004b949dfaac60c74aa165" : {
            "goodAuthenticationCounter" : 16,
            "lastGoodAuthenticationUSec" : 1566309343044322,
            "rateLimitBeginUSec" : 1566309342341723,
            "rateLimitCount" : 1,
            "state" : "inactive",
            "service" : "io.systemd.Home",
            "diskSize" : 161218667776,
            "diskCeiling" : 191371729408,
            "diskFloor" : 5242780,
            "signedLocally" : true
        }
    }
}
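To make the structure of such a record concrete, the following added Python example (not code from systemd or from the article) works with a constructed record of the same shape. It shows the two points the component list above makes: the per-machine "binding" section is what supplies the UID/GID and paths on a given host (what nss-systemd turns into a classic passwd entry), and the "privileged" section holding the password hash is kept apart from the data an unprivileged caller may see, mirroring the /etc/passwd vs. /etc/shadow split. The machine ID, UUID and hash values below are placeholders, and the login shell is an assumed default, since the record shown in the article carries no shell field.

```python
import json

# Constructed sample record, modelled on the profile shown in the article.
# The machine ID, paths and hash are placeholders, not real data.
MACHINE_ID = "15e19cf24e004b949ddaac60c74aa165"

SAMPLE_RECORD = json.dumps({
    "userName": "test",
    "disposition": "regular",
    "autoLogin": True,
    "memberOf": ["wheel"],
    "binding": {
        MACHINE_ID: {
            "storage": "luks",
            "fileSystemType": "ext4",
            "imagePath": "/home/test.home",
            "homeDirectory": "/home/test",
            "uid": 60233,
            "gid": 60232,
        }
    },
    "privileged": {"hashedPassword": ["$6$PLACEHOLDERSALT$PLACEHOLDERHASH"]},
    "status": {
        MACHINE_ID: {
            "state": "inactive",
            "diskSize": 161218667776,
            "diskCeiling": 191371729408,
            "diskFloor": 5242780,
            "rateLimitCount": 1,
        }
    },
})

# Fields every usable record must carry (assumed minimum, not systemd's full schema).
REQUIRED_TOP_LEVEL = ("userName", "disposition", "binding")


def load_user_record(text):
    """Parse a JSON user record and reject one that lacks the core fields."""
    rec = json.loads(text)
    missing = [k for k in REQUIRED_TOP_LEVEL if k not in rec]
    if missing:
        raise ValueError(f"record lacks required fields: {missing}")
    return rec


def binding_for_machine(rec, machine_id):
    """Return the binding for this machine, or None if the home directory
    has never been activated here (UID/GID are assigned per machine)."""
    return rec.get("binding", {}).get(machine_id)


def to_passwd_line(rec, machine_id, shell="/bin/bash"):
    """Synthesize a classic passwd(5) line from the record, as an NSS
    module would. The password field is 'x': the hash stays in the
    'privileged' section and is never placed in the public entry."""
    b = binding_for_machine(rec, machine_id)
    if b is None:
        raise LookupError(f"no binding for machine {machine_id}")
    return f"{rec['userName']}:x:{b['uid']}:{b['gid']}::{b['homeDirectory']}:{shell}"


def public_view(rec):
    """Drop the 'privileged' section before handing the record to an
    unprivileged caller, so password hashes are not disclosed."""
    return {k: v for k, v in rec.items() if k != "privileged"}


def disk_size_in_bounds(rec, machine_id):
    """Check that the current image size respects the floor/ceiling quota
    recorded for this machine; None if there is no status for it."""
    st = rec.get("status", {}).get(machine_id)
    if st is None:
        return None
    return st["diskFloor"] <= st["diskSize"] <= st["diskCeiling"]


if __name__ == "__main__":
    record = load_user_record(SAMPLE_RECORD)
    print(to_passwd_line(record, MACHINE_ID))
    print("privileged" in public_view(record))
    print(disk_size_in_bounds(record, MACHINE_ID))
```

Running the script prints the synthesized passwd line for the sample machine, confirms that the public view carries no password hash, and reports whether the recorded disk size lies within its quota bounds; looking up a machine ID with no binding raises a LookupError, which is the situation a host sees before the home image has been activated on it.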

Source: opennet.ru
