| From | Eli the Bearded <*@eli.users.panix.com> |
|---|---|
| Newsgroups | alt.os.linux, comp.os.linux.misc |
| Subject | Re: system-homed coming at ya suckers |
| Date | 2020-12-12 01:42 +0000 |
| Organization | Some absurd concept |
| Message-ID | <eli$2012112042@qaz.wtf> (permalink) |
| References | <24f0a08cd2d4684a7b101f5019eebb1a@dizum.com> <op.0vhdnnl6a3w0dxdave@hodgins.homeip.net> <eli$2012111817@qaz.wtf> <op.0vhirvn0a3w0dxdave@hodgins.homeip.net> |
Cross-posted to 2 groups.
In comp.os.linux.misc, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
> Eli the Bearded <*@eli.users.panix.com> wrote:
>> Yeah, nosuid and nodev are vital, otherwise instant "ownership" of the
>> mounting computer: suid is easy to escalate; dev is harder, but doable,
>> since a /dev/mem equivalent or filesystem device file would permit
>> nastiness.
> It defaults to using nosuid, nodev, exec.

That sounds just like the options for "user" mounts in /etc/fstab. I'd hope that homed does something about file ownership mapping, for a truly portable home directory.

>> As for noexec, that's harsh, and does it even work? I've not played with
> It doesn't default to noexec. That's an option available for any system admin
> that wants it.

I understood that. Does it work, or does it just make me jump through hoops to run programs?

>> I haven't really looked at the homed proposal, so I don't know even what
>> problem it is supposed to solve. I do know that I've seen _so_ _many_
>> different (and many hacky) fixes for home directories on large
>> installations.
> systemd-homed makes it easier for each user to have all of their /home/$USER
> directory be on an encrypted filesystem, with each user having their own
> encryption key.

Automount with public key store is not bad, but hopefully not all there is to it. (Other descriptions suggest it has a local file per user with UID and groups, instead of using NIS or LDAP. But that just raises more questions in my mind about how that is a "win" over LDAP.)

> Putting the directory on a removable device is an optional possible benefit.
> Extreme care must be taken when using it. The .config files tend to be
> version specific, so all systems where the removable storage is used

Fragility in something fundamentally needed is why Lennart Poettering has a bad name.

> That applies to sharing /home between installs on the same
> system too, so is not caused by systemd-homed.

That's totally outside the scope I was considering, which is "same user distributed across multiple servers". Not that it is an invalid case, but still.

> I use an encrypted file system that is shared between multiple
> installs on the same computer. I do not share /home/$USER, but have
> replaced various directories such as ~/Documents with symlinks to
> directories on the encrypted file system. I have to configure my user
> account on each of the installs, but that is much safer than trying to
> share ~/.config/ between different installations with different
> versions of packages installed.

On my personal system, /home/ is a separate device, because it grows faster than root filesystem, needs a different backup schedule from system files, and because I'll want to move it wholesale to a new system when I next upgrade hardware, while / can just be rebuilt. 95% of used disk space is my personal $HOME, but I have a few special purpose users on /home/, too, eg a backup of an old raspberry pi system's $HOME.

I don't get the impression that homed is really meant to solve the problems of individuals with typical home computer setups. That's relatively niche Linux. That's much more likely to not have concurrent usage on multiple systems, and not rely on getting _in_ via ssh. The home user, like yourself, is also much more likely to be dealing with multiple distro families, because of wanting to tinker with them.

Most Linux is corporate systems, and with my $WORK hat on, having a $HOME directory on a server is merely convenience, not necessity. The range of OSes is likely to be small, with merely generational differences, like older stuff on Centos 6 and newer on Centos 7, or older on Ubuntu 18 and newer on Ubuntu 20. I can get my $WORK work done just as well when login dumps me to / instead of somewhere in /home/, but if I'm going to be there a while I'll probably make a $HOME in /tmp/ or /var/tmp/ and export the variable myself.

The number and size of files I need to share between systems is few, and a lot of it can be done with source code management tools (eg, git repos).

Without reading the homed proposal, I can't really tell what use case(s) it intends to support. The home users are the ones who are most strongly anti-Pottering, and the files they need will be the largest and most varied, most likely to include data, binaries, named sockets, and maybe even named pipes, and least likely to be using the portable home directory as a stepping stone to system compromise because they'll all already have sudo.

Elijah
------
has seen https://systemd.io/HOME_DIRECTORY/ but doesn't see motivations there
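
The nosuid/nodev point discussed in the post above can be checked on a running system. The following is an added example, not part of the original post or of systemd-homed: it parses text in `/proc/self/mounts` format and reports mounts under `/home` that lack either option. The function names and the sample mount table are constructed for illustration.

```python
import re

REQUIRED = ("nosuid", "nodev")  # the two options the post calls vital

# Constructed sample in /proc/self/mounts format (not captured from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/mapper/home-alice /home/alice btrfs rw,nosuid,nodev,relatime 0 0
/dev/sdb1 /home/bob ext4 rw,nodev,noexec,relatime 0 0
/dev/sdc1 /home/carol\\040smith vfat rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def unescape(field):
    """Decode the \\ooo octal escapes the kernel uses for spaces, tabs, etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def audit_mounts(text, prefix="/home"):
    """Map each mount point at or under prefix to its missing options and noexec state."""
    report = {}
    subtree = prefix.rstrip("/") + "/"
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        mountpoint = unescape(fields[1])
        if mountpoint != prefix and not mountpoint.startswith(subtree):
            continue  # e.g. /homework must not match /home
        opts = set(fields[3].split(","))
        report[mountpoint] = {
            "missing": [o for o in REQUIRED if o not in opts],
            "noexec": "noexec" in opts,  # informational; optional per the thread
        }
    return report

def read_live_mounts(path="/proc/self/mounts"):
    """Read the current mount table of this process's mount namespace."""
    with open(path, encoding="utf-8", errors="surrogateescape") as fh:
        return fh.read()

if __name__ == "__main__":
    for mp, info in audit_mounts(SAMPLE_MOUNTS).items():
        status = "ok" if not info["missing"] else "MISSING " + ",".join(info["missing"])
        print(f"{mp}: {status} (noexec={'yes' if info['noexec'] else 'no'})")
```

To audit a live host, pass `read_live_mounts()` to `audit_mounts()` instead of the sample.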