No Stranger to Controversy
When systemd was introduced in 2010, the Linux community split into three camps. Some thought it was an improvement, and others thought it was a flawed design that didn’t adhere to the Unix philosophy. And some didn’t care one way or the other.
The backlash from the opposers was loud, heated, and, in some cases, almost fanatical. Lennart Poettering, a software engineer at Red Hat and co-developer of systemd, even received death threats.
Songs advocating violence toward Poettering were posted on YouTube, and websites appeared trying to coerce Linux users to boycott systemd. His co-developer, Kay Sievers, also received criticism and abuse, but Poettering certainly bore the brunt of it.
Yet, within eight months, Fedora was using systemd. By the end of 2013, Arch, Debian, Manjaro, and Ubuntu had all moved to systemd. Of course, the glory of open source is if you don’t like something, you can fork the source code and do your own thing with it. New distributions—like Devuan, which was a fork of Debian—were created solely to avoid using systemd.
Your $HOME Directory
In the Linux directory structure, everything you do resides within the “/home” directory. Your data files, images, music, and entire personal directory tree are stored within this one directory named after your user account.
The settings for your applications are stored in your home folder in hidden “dot directories.” If the first character of a file or directory name is a period (.), it’s hidden. Because these settings are stored locally and not in a central registry—and because a backup of your home directory includes these hidden files and folders—all your settings get backed up too.
When you restore a backup and fire up an application, like LibreOffice or Thunderbird, it looks for its hidden directory. It also finds your document preferences, toolbar settings, and any other customizations. Thunderbird finds your email account information and your email. You don’t have to go through the pain of slowly setting up each application.
You can use ls with the -a (all) option to see hidden files and directories. First, type the following:
ls
This shows you the regular files and directories. Next, type the following:
ls -a
Now, you can see the hidden files and directories as well; their names start with a period.
Because it’s the most precious part of an installation, it’s common for the “/home” directory to be mounted in its own partition or on a separate hard drive. This way, if something catastrophic happens to the operating system or the partition it’s on, you can either reinstall your Linux distribution or swap to a new one. Then, you can just remount your existing home partition on “/home.”
Data About You
Your home directory doesn’t just store your data; it also stores information about you, including some attributes of your digital identity. For example, your “.ssh” directory stores information about remote connections you’ve made to other computers, and any SSH keys you’ve generated.
Other system attributes, such as your account username, password, and unique user ID, are stored elsewhere in files like “/etc/passwd” and “/etc/shadow.” Anyone can read some of these, but others can only be read by people who have root privileges.
This is what the contents of the “/etc/passwd” file look like:
The systemd-homed Changes
The intent of the systemd-homed changes is to provide a fully portable home directory with both your data and Linux digital identity stored within it. Your UID and all other identification and authentication mechanisms will be stored only within your home directory.
Due to their “all eggs in one basket” design, home directories are encrypted. They’re decrypted automatically whenever you log in and encrypted again whenever you log out. The preferred method is to use the Linux Unified Key Setup (LUKS) disk encryption. However, there are other schemes available, such as fscrypt.
A JavaScript Object Notation (JSON) user record stores all your identity information in a directory called “~/.identity.” It’s cryptographically signed with a key that’s outside your control.
Each person’s home directory is mounted on a loopback device, similar to the way in which a snap application is mounted. This is so the directory tree within the home directory appears as a seamless part of the directory tree of the operating system. The mount point defaults to “/home/$USER.homedir” (“$USER” is replaced by the person’s account name).
What Are the Benefits?
Because your home directory becomes a secure encapsulation of all your data, you could even have your home directory on a removable device. For example, you could use a USB drive to move it between your work and home machines, or any other systemd-homed computer.
This is what Poettering meant by “a fully portable home directory.” He said even if you don’t want to move your home directory around on a portable device, this will make upgrades and migrations easier and increase security.
It removes what he calls “sidecar databases,” which contain snippets of important information about you that Poettering thinks should be centralized. The “/etc/passwd” and “/etc/shadow” files contain authentication information and hashed passwords. However, they also hold information like your default shell, the General Electric Comprehensive Operating Supervisor (GECOS) field.
Poettering said this metadata should be rationalized and stored in meaningful groups within the JSON record of each person in their home directory.
Managing Your New $HOME
The systemd-homed service is controlled through the new homectl command-line tool.
There are options to create users and home directories and set storage limits for each user. You can also set the password, lock someone out of his account, or delete an account completely. Users can be inspected, and their JSON user records can also be read.
Time zones and other location-based information can also be set for each user. You can specify the default shell, and even set environment variables so they’re in a certain state whenever someone logs in.
If you look in the “/home” directory, you see systemd-homed managed entries that look like the following, with “.homedir” appended to the username:
Remember, this is just a mount point. The location of the actual encrypted home directory is elsewhere.
Limitations and Issues
systemd-homed is only for use on the user accounts of humans. It can’t handle user accounts with a UID of less than 1,000. In other words, root, daemon, bin, and so on, can’t be administered using the new scheme. There’s always going to be a need for the standard ways of administering users. Therefore, systemd-homed isn’t a global solution.
There’s a known catch-22 that needs to be resolved. As we mentioned previously, a person’s home directory is decrypted whenever he or she logs in. But if someone is remotely accessing the computer over SSH, the SSH keys in the home directory can’t be referenced because the home directory is still encrypted until that person logs in. Of course, those SSH keys are needed to authenticate before he or she can log in at all.
The systemd-homed team has acknowledged this issue, but we couldn’t find any reference to a fix for it. We’re sure they’ll come up with a solution; it would be a spectacular pratfall if they don’t.
Let’s say someone transports his home directory to a new machine. If the UID is already being used on the new machine by someone else, he’ll be assigned a new UID automatically. Of course, all his files will have to have their ownership reassigned to the new UID.
Currently, this is being handled by a recursive, automatic application of the chown -R command. This will probably be handled differently in the future when a more elegant scheme is developed. This heavy-handed approach doesn’t take into account the daemons and processes that run as other users.
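To make the UID rules above concrete, here is an added dry-run example (constructed sample data, not systemd-homed’s own code) that applies the two points from this section: only accounts with a UID of 1,000 or more are candidates for systemd-homed, and a portable home directory whose UID collides on the target machine gets a fresh UID, after which only the files actually owned by the old UID should be re-owned, rather than the whole tree being hit with chown -R. The passwd excerpt and file inventory are made up for illustration.

```python
"""Dry run of the UID reassignment a portable home needs when its UID is
already taken on the target host. Constructed data, not systemd's code."""
from typing import Dict, List, Tuple

HUMAN_UID_MIN = 1000  # systemd-homed only manages accounts with UID >= 1000

# Constructed /etc/passwd excerpt (name:password:UID:GID:GECOS:home:shell)
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example,,,:/home/bob:/bin/zsh
"""

def parse_passwd(text: str) -> Dict[str, int]:
    """Return {username: uid} from passwd(5)-formatted text."""
    users: Dict[str, int] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = int(fields[2])
    return users

def homed_manageable(users: Dict[str, int]) -> List[str]:
    """Accounts systemd-homed could take over: human UIDs (>= 1000) only."""
    return sorted(n for n, uid in users.items() if uid >= HUMAN_UID_MIN)

def allocate_uid(requested: int, users: Dict[str, int]) -> int:
    """Keep the home directory's own UID if free and in the human range;
    otherwise hand out the lowest unused UID at or above 1000."""
    taken = set(users.values())
    if requested >= HUMAN_UID_MIN and requested not in taken:
        return requested
    uid = HUMAN_UID_MIN
    while uid in taken:
        uid += 1
    return uid

def plan_chown(old_uid: int, new_uid: int,
               inventory: List[Tuple[str, int]]) -> List[str]:
    """Paths to re-own, from (path, owner_uid) pairs of the mounted home.
    Unlike a blanket chown -R, files owned by other UIDs are skipped."""
    if old_uid == new_uid:
        return []
    return [path for path, owner in inventory if owner == old_uid]
```

Running allocate_uid(1000, ...) against the sample passwd yields 1002, because 1000 and 1001 are already taken; plan_chown then lists only the files the arriving user actually owned, leaving anything owned by a daemon’s UID alone.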
When Is This Happening?
This is happening now. The code changes were submitted on Jan. 20, 2020, and they were included in build 245 of systemd, which shipped with Ubuntu 20.04 in April 2020.
To check which version you have, type the following:
The homectl command isn’t yet present, though. Ubuntu 20.04 uses a traditional /home directory and doesn’t use systemd-homed.
Of course, it’s up to the individual distributions to decide when they’ll include and support systemd-homed and homectl.
So, there’s no need for anyone to go into full-on pitchforks and burning torches mode. Because the standard methods for managing users and home directories will remain, we’ll all still have choices.