systemd linux
The team behind systemd want you to adopt a new way of managing home directories. Calling it a “new way” is putting it lightly—this is a real paradigm shift for Linux. Here’s everything you need to know about systemd-homed, which is likely coming to a Linux distro near you.
When systemd was introduced in 2010, the Linux community split into three camps. Some thought it was an improvement, and others thought it was a flawed design that didn’t adhere to the Unix philosophy. And some didn’t care one way or the other.
The backlash from the opposers was loud, heated, and, in some cases, almost fanatical. Lennart Poettering, a software engineer at Red Hat and co-developer of systemd, even received death threats.
Songs advocating violence toward Poettering were posted on YouTube, and websites appeared trying to coerce Linux users to boycott systemd. His co-developer, Kay Sievers, also received criticism and abuse, but Poettering certainly bore the brunt of it.
Yet, within eight months, Fedora was using systemd. By the end of 2013, Arch, Debian, Manjaro, and Ubuntu had all moved to systemd. Of course, the glory of open source is if you don’t like something, you can fork the source code and do your own thing with it. New distributions—like Devuan, which was a fork of Debian—were created solely to avoid using systemd.
In the Linux directory structure, everything you do resides within the “/home” directory. Your data files, images, music, and entire personal directory tree are stored within this one directory named after your user account.
The settings for your applications are stored in your home folder in hidden “dot directories.” If the first character of a file or directory name is a period (.), it’s hidden. Because these settings are stored locally and not in a central registry—and because a backup of your home directory includes these hidden files and folders—all your settings get backed up too.
When you restore a backup and fire up an application, like LibreOffice or Thunderbird, it looks for its hidden directory. It also finds your document preferences, toolbar settings, and any other customizations. Thunderbird finds your email account information and your email. You don’t have to go through the pain of slowly setting up each application.
You can use ls with the -a (all) option to see hidden files and directories. First, type the following:
ls
This shows you the regular files and directories. Next, type the following:
ls -a
Now, you can see the hidden files and directories.
Because it’s the most precious part of an installation, it’s common for the “/home” directory to be mounted in its own partition or on a separate hard drive. This way, if something catastrophic happens to the operating system or the partition it’s on, you can either reinstall your Linux distribution or swap to a new one. Then, you can just remount your existing home partition on “/home.”
Your home directory doesn’t just store your data; it also stores information about you, including some attributes of your digital identity. For example, your “.ssh” directory stores information about remote connections you’ve made to other computers, and any SSH keys you’ve generated.
Other system attributes, such as your account username, password, and unique user ID, are stored elsewhere in files like “/etc/passwd” and “/etc/shadow.” Anyone can read some of these, but others can only be read by people who have root privileges.
This is what the contents of the “/etc/passwd” file looks like:
cat /etc/passwd
The intent of the systemd-homed changes is to provide a fully portable home directory with both your data and Linux digital identity stored within it. Your UID and all other identification and authentication mechanisms will be stored only within your home directory.
Due to their “all eggs in one basket” design, home directories are encrypted. They’re decrypted automatically whenever you log in and encrypted again whenever you log out. The preferred method is to use the Linux Unified Key Setup (LUKS) disk encryption. However, there are other schemes available, such as fscrypt.
A JavaScript Object Notation (JSON) user record stores all your identity information in a directory called “~/.identity.” It’s cryptographically signed with a key that’s outside your control.
Each person’s home directory is mounted on a loopback device, similar to the way in which a snap application is mounted. This is so the directory tree within the home directory appears as a seamless part of the directory tree of the operating system. The mount point defaults to “/home/$USER.homedir” (“$USER” is replaced by the person’s account name).
Because your home directory becomes a secure encapsulation of all your data, you could even have your home directory on a removable device. For example, you could use a USB drive to move it between your work and home machines, or any other systemd-homed computer.
This is what Poettering meant by “a fully portable home directory.” He said even if you don’t want to move your home directory around on a portable device, this will make upgrades and migrations easier and increase security.
It removes what he calls “sidecar databases,” which contain snippets of important information about you that Poettering thinks should be centralized. The “/etc/passwd” and “/etc/shadow” files contain authentication information and hashed passwords. However, they also hold information like your default shell, the General Electric Comprehensive Operating Supervisor (GECOS) field.
Poettering said this metadata should be rationalized and stored in meaningful groups within the JSON record of each person in their home directory.
The systemd-homed service is controlled through the new homectl command-line tool.
There are options to create users and home directories and set storage limits for each user. You can also set the password, lock someone out of his account, or delete an account completely. Users can be inspected, and their JSON user records can also be read.
Time zones and other location-based information can also be set for each user. You can specify the default shell, and even set environment variables so they’re in a certain state whenever someone logs in.
If you look in the “/home” directory, you see systemd-homed managed entries that look like the following, with “.homedir” appended to the username:
/home/dave.homedir
Remember, this is just a mount point. The location of the actual encrypted home directory is elsewhere.
systemd-homed is only for use on the user accounts of humans. It can’t handle user accounts with a UID of less than 1,000. In other words, root, daemon, bin, and so on, can’t be administered using the new scheme. There’s always going to be a need for the standard ways of administering users. Therefore, systemd-homed isn’t a global solution.
There’s a known catch-22 that needs to be resolved. As we mentioned previously, a person’s home directory is decrypted whenever he or she logs in. But if someone is remotely accessing the computer over SSH, the SSH keys in the home directory can’t be referenced because the home directory is still encrypted until that person logs in. Of course, one needs the SSH keys to authenticate against before he or she can log in.
This was a recognized issue by the systemd-homed team, but we couldn’t find any reference about a fix for this. We’re sure they’ll come up with a solution; it would be a spectacular pratfall if they don’t.
Let’s say someone transports his home directory to a new machine. If the UID is already being used on the new machine by someone else, he’ll be assigned a new UID automatically. Of course, all his files will have to have their ownership reassigned to the new UID.
Currently, this is being handled by a recursive, automatic application of the chown -R command. This will probably be handled differently in the future when a more elegant scheme is developed. This heavy-handed approach doesn’t take into account the daemons and processes that run as other users.
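To make the two UID rules above concrete (the 1,000 floor for human accounts, and the collision that forces a UID change and therefore a chown -R when a home directory is transported), here is an added example that is not from the article or from systemd itself. It parses /etc/passwd-style records, reports which accounts systemd-homed could manage, and picks a replacement UID for an incoming home directory whose UID is already taken; the passwd lines are constructed sample data.

```python
from dataclasses import dataclass
from typing import List

HUMAN_UID_MIN = 1000  # systemd-homed only manages accounts at or above this UID


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str   # the "sidecar" metadata field the article mentions
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse /etc/passwd lines of the form name:x:uid:gid:gecos:home:shell."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, _pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), gecos, home, shell))
    return entries


def is_homed_eligible(entry: PasswdEntry) -> bool:
    """root, daemon, bin and other UIDs below 1000 stay with classic tooling."""
    return entry.uid >= HUMAN_UID_MIN


def assign_uid(wanted_uid: int, host: List[PasswdEntry]) -> int:
    """Keep wanted_uid if it is a free human UID on the host; otherwise return
    the lowest free UID >= 1000. A changed result is exactly the case in which
    file ownership inside the transported home must be rewritten (chown -R)."""
    used = {e.uid for e in host}
    if wanted_uid >= HUMAN_UID_MIN and wanted_uid not in used:
        return wanted_uid
    uid = HUMAN_UID_MIN
    while uid in used:
        uid += 1
    return uid


# Constructed sample of a host's /etc/passwd (not real account data)
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/zsh
"""
```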
This is happening now. The code changes were submitted on Jan. 20, 2020, and they were included in build 245 of systemd, which shipped with Ubuntu 20.04 in April 2020.
To check which version you have, type the following:
systemd --version
The homectl command isn’t yet present, though. Ubuntu 20.04 uses a traditional /home directory and doesn’t use systemd-homed.
Of course, it’s up to the individual distributions to decide when they’ll include and support systemd-homed and homectl.
So, there’s no need for anyone to go into full-on pitchforks and burning torches mode. Because the standard methods for managing users and home directories will remain, we’ll all still have choices.
Translated from: https://www.howtogeek.com/673018/systemd-will-change-how-your-linux-home-directory-works/