Lennart Poettering
The home directory comes in the form of a mountable image file in which the data is encrypted. User credentials are tied to the home directory rather than to system settings - instead of /etc/passwd and /etc/shadow
The parameters may include additional information such as SSH keys, biometric authentication data, an image, e-mail address, address, time zone, language, process and memory limits, additional mount flags (nodev, noexec, nosuid), information about the user's IMAP/SMTP servers, information about enabling parental controls, backup options, and so on. An API is provided for requesting and parsing the parameters.
UID/GID assignment and processing is done dynamically on each local system to which the home directory is connected. With the proposed system, users can keep their home directory with them, for example on a Flash drive, and get a working environment on any computer without explicitly creating an account on it (the presence of a file with a home directory image leads to the synthesis of the user).
It is proposed to use the LUKS2 subsystem for data encryption, but systemd-homed also allows other backends to be used, for example for unencrypted directories, Btrfs, Fscrypt and CIFS network partitions. To manage portable directories, the homectl utility is provided; it lets you create and activate home directory images, as well as change their size and set a password.
At the system level, operation is provided by the following components:
- systemd-homed.service - manages the home directory and embeds JSON records directly into home directory images;
- pam_systemd - processes parameters from the JSON profile when the user logs in and applies them in the context of the activated session (performs authentication, sets environment variables, and so on);
- systemd-logind.service - processes parameters from the JSON profile when the user logs in, applies various resource management settings and sets limits;
- nss-systemd - NSS module for glibc; synthesizes classic NSS records based on the JSON profile, providing backward compatibility with the UNIX user processing API (/etc/passwd);
- PID 1 - creates users dynamically (synthesized by analogy with the use of the DynamicUser directive in units) and makes them visible to the rest of the system;
- systemd-userdbd.service - translates UNIX/glibc NSS accounts into JSON records and provides a unified Varlink API for querying and iterating over records.
The advantages of the proposed system include the ability to manage users when /etc is mounted read-only, no need to synchronize identifiers (UID/GID) between systems, independence of the user from a specific computer, locking of user data during sleep mode, and the use of encryption and modern authentication methods. Systemd-homed is planned for inclusion in mainline systemd in release 244 or 245.
Example of a JSON user profile:

    {
       "autoLogin" : true,
       "binding" : {
          "15e19cd24e004b949ddaac60c74aa165" : {
             "fileSystemType" : "ext4",
             "fileSystemUUID" : "758e88c8-5851-4a2a-b98f-e7474279c111",
             "gid" : 60232,
             "homeDirectory" : "/home/test",
             "imagePath" : "/home/test.home",
             "luksCipher" : "aes",
             "luksCipherMode" : "xts-plain64",
             "luksUUID" : "e63581ba-79fa-4226-b9de-1888393f7573",
             "luksVolumeKeySize" : 32,
             "partitionUUID" : "41f9ce04-c927-4b74-a981-c669f93eb4dc",
             "storage" : "luks",
             "uid" : 60233
          }
       },
       "disposition" : "regular",
       "enforcePasswordPolicy" : false,
       "lastChangeUSec" : 1565951024279735,
       "memberOf" : [
          "wheel"
       ],
       "privileged" : {
          "hashedPassword" : [
             "$6$WHBKvAFFT9jKPA4k$OPY4D5…/"
          ]
       },
       "signature" : [
          {
             "data" : "LU/HeVrPZSzi3M3J...==",
             "key" : "-----BEGIN PUBLIC KEY-----\nMCowBQADK2VwAy…=\n-----END PUBLIC KEY-----\n"
          }
       ],
       "userName" : "test",
       "status" : {
          "15e19cf24e004b949dfaac60c74aa165" : {
             "goodAuthenticationCounter" : 16,
             "lastGoodAuthenticationUSec" : 1566309343044322,
             "rateLimitBeginUSec" : 1566309342341723,
             "rateLimitCount" : 1,
             "state" : "inactive",
             "service" : "io.systemd.Home",
             "diskSize" : 161218667776,
             "diskCeiling" : 191371729408,
             "diskFloor" : 5242780,
             "signedLocally" : true
          }
       }
    }

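
An added example (not from the original article or the systemd project): a small Python audit of a JSON user record like the one above, flagging the settings a defender would review before trusting a portable home image. The accepted hash prefixes and the `min_key_bits` threshold are assumed policy choices, and `luksVolumeKeySize` is taken to be in bytes.

```python
import json
# Constructed sample: a trimmed copy of the record shown above (values shortened).
SAMPLE = json.loads("""
{
  "userName": "test",
  "autoLogin": true,
  "enforcePasswordPolicy": false,
  "binding": {
    "15e19cd24e004b949ddaac60c74aa165": {
      "storage": "luks", "luksCipher": "aes",
      "luksCipherMode": "xts-plain64", "luksVolumeKeySize": 32
    }
  },
  "privileged": {"hashedPassword": ["$6$constructedsalt$constructedhash"]},
  "signature": [{"data": "constructed", "key": "constructed"}]
}
""")

ENCRYPTED_STORAGE = {"luks", "fscrypt"}   # backends named on the page that encrypt
STRONG_HASH_PREFIXES = ("$6$", "$y$")     # assumed policy: sha512crypt or yescrypt

def effective_key_bits(binding):
    """luksVolumeKeySize is in bytes; XTS splits the key into two halves."""
    bits = binding.get("luksVolumeKeySize", 0) * 8
    return bits // 2 if binding.get("luksCipherMode", "").startswith("xts") else bits

def audit_record(record, min_key_bits=128):
    """Return a list of findings (strings) for one JSON user record."""
    findings = []
    if record.get("autoLogin"):
        findings.append("autoLogin is enabled")
    if record.get("enforcePasswordPolicy") is False:
        findings.append("enforcePasswordPolicy is disabled")
    if not record.get("signature"):
        findings.append("record carries no signature")
    for machine_id, b in record.get("binding", {}).items():
        storage = b.get("storage")
        if storage not in ENCRYPTED_STORAGE:
            findings.append(f"{machine_id}: storage '{storage}' is not encrypted")
        elif storage == "luks" and effective_key_bits(b) < min_key_bits:
            findings.append(f"{machine_id}: effective key is {effective_key_bits(b)} bits")
    for h in record.get("privileged", {}).get("hashedPassword", []):
        if not h.startswith(STRONG_HASH_PREFIXES):
            findings.append("password hash uses a scheme outside the allowed list")
    return findings

if __name__ == "__main__":
    for line in audit_record(SAMPLE, min_key_bits=256):
        print(line)
```

With the sample record, a 32-byte volume key in `xts-plain64` mode works out to AES-128, so it passes the default threshold and is reported only when `min_key_bits=256` is requested.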
Source: opennet.ru