systemd implements ransomware for your own home directory
-
Do you use Linux?
Did you likepulseaudioandsystemd?
Then you'll love Lennart Poettering's new groundbreaking idea:
Linux home directory management is about to undergo major change | TechRepublic
With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.
-
@Zerosquare The ability to move home directories to random locations?
-
@Zerosquare said in WTF Bites:
Do you use Linux?
Did you likepulseaudioandsystemd?
Then you'll love Lennart Poettering's new groundbreaking idea:
Linux home directory management is about to undergo major change | TechRepublic
With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.
How the /etc/passwd and /etc/shadow files work is simple:
-
During the login process, the system authenticates the login attempt against /etc/shadow.
-
If login is successful, the system reads the /etc/passwd entry for the user to locate the user's home directory.
So, for the simple act of logging in, three mechanisms are required (systemd, /etc/shadow, /etc/passwd). This is inefficient, and Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.
-
-
Article @Zerosquare linked which @Gąska replied to in WTF Bites said:
such as username
Wait, so it has to decrypt a series of JSON documents before it can check if it even applies to them???!!?!
-
@Tsaukpaetra And adding an extra newline (as a hack) to a file will completely stop that user from logging in. And systemd being systemd, it'll never describe what the problem is in a way that allows anyone to figure out what the problem is; that user will just have to hope that they've got backups because that home directory will be permanently lost.
-
@Tsaukpaetra from what I've gathered, it was just a shitty tech journalist doing a shitty job of tech journalism and putting a few words too many in a sentence because the words often show up together in other texts and not because it makes sense in this particular instance. Username isn't stored in .identity file, only everything else is.
-
@Zerosquare The ability to move home directories to random locations?
Break early, break often?
-
@topspin the idea itself is fine - it's basically an easy way to setup Active Directory-esque roaming profile and/or seamlessly encrypting the entire home directory without (or with a different key than for) encrypting the entire drive. The only problem is that it's implemented by Systemd team.
-
The only problem is that it's implemented by Systemd team.
After all, they're the people who put the “fuck you” into “so simple it couldn't possibly go wrong”.
-
@topspin the idea itself is fine
From what I heard from people who are more familiar with Linux systems than I am, this idea adds support for a very rare use case, while introducing a whole lot of new and interesting problems for everyone else.
But you wouldn't expect anything different from Lennart Poettering.
-
@Zerosquare said in WTF Bites:
@topspin the idea itself is fine
From what I heard from people who are more familiar with Linux systems than I am, this idea adds support for a very rare use case, while introducing a whole lot of new and interesting problems for everyone else.
Before you take their word for granted, remember that they probably like Git.
-
@Blakeyrat: stop posting using @Gąska's account. We know it's you.
No, seriously. I have no reason to doubt their opinion. And given the track record of the systemd guy, I have every reason to believe it will be a WTF.
-
@Zerosquare said in WTF Bites:
No, seriously. I have no reason to doubt their opinion.
Just keep in mind that even for the most reputable experts in the world, "it's a rare use case" usually means "none of the 1000 people I've met in my life do it (out of 7 billion total people living on Earth)." Remote login is a very common thing. Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
And given the track record of the systemd guy, I have every reason to believe it will be a WTF.
That I have no doubt about.
-
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
It's nice… up until the moment when the network gets something wrong and then it becomes a nightmare. BTDT. I want all my critical systems to have local logins only now.
-
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
But that's the point: it is not support for true roaming profiles (which are useful indeed). It's support for a weird form of "manual" roaming profiles, where your profile would live on a USB stick or something similar. How many people would use that?
Also, what's the point of encrypting home directories? People who need encryption already use full-disk encryption anyways.
-
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
Yeah and it's already a thing.
What's actually new with this
homedthing? Is it just the info being stored in JSON?
-
@Zerosquare said in WTF Bites:
@topspin the idea itself is fine
From what I heard from people who are more familiar with Linux systems than I am, this idea adds support for a very rare use case, while introducing a whole lot of new and interesting problems for everyone else.
Before you take their word for granted, remember that they probably like Git.
I’m not sure if someone likes git and considers this to be too complex, that it’s not way too complex.
Also, NFS mountable home drives have been a thing for decades. Who wants their home on a USB stick?
-
Who wants their home on a USB stick?
Pretty sure @Tsaukpaetra has probably tried it...
Edit: Oh wait. That was the full OS...
-
Who wants their home on a USB stick?
Pretty sure @Tsaukpaetra has probably tried it...
Edit: Oh wait. That was the full OS...
Throwing most user folders (docs, pictures, etc) works fine. Tossing the whole profile on there... not so fine.
-
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
It's nice… up until the moment when the network gets something wrong and then it becomes a nightmare. BTDT. I want all my critical systems to have local logins only now.
There are two kinds of people - those who do backups and those who will...
I guess different people with different workloads have different priorities. At my previous employer, the build environment was so
that we couldn't build anything locally and had to use dedicated build server only. There were like 150 identical servers provisioned, about 10 of which were assigned to our project (server assignment was changing over time). If one server had too much use, I just ssh'd to different one on the fly. If I had to setup a different .bashrc, .zshrc, SSH keys etc. on each of them, I'd go insane (I mean, more insane than now). Roaming profile was a lifesaver.Considering nearly 100% of corporate Windows installations worldwide make use of roaming profiles, I think the top reason why they're so rare in Linux world is because it's so damn hard to setup.
-
Considering nearly 100% of corporate Windows installations worldwide make use of roaming profiles, I think the top reason why they're so rare in Linux world is because it's so damn hard to setup.
How so? I can log in on any computer and / or ssh onto a server and see the same file system everywhere. It’s not new.
-
@Zerosquare said in WTF Bites:
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
But that's the point: it is not support for true roaming profiles (which are useful indeed). It's support for a weird form of "manual" roaming profiles, where your profile would live on a USB stick or something similar. How many people would use that?
Oh, I missed that. Yes, this one is weird (usually you have the entire system on the stick). But there's also CIFS storage mode, ie. an actual roaming profile that actually makes sense.
Also, what's the point of encrypting home directories? People who need encryption already use full-disk encryption anyways.
Full-disk encryption is major PITA when the system breaks down, because you can't just boot any random LiveCD you have lying around and edit files in /etc from there. Also, performance. In my experience, 99% of things outside the home directory is program binaries and other resources that are downloaded straight from public repos and aren't worth encrypting, and the rest is config files that also don't need encryption. Yes, there's /var/log that potentially contains somewhat sensitive information, but honestly, I can't really think of any actual attack scenario using it. But home directory is definitely worth encrypting.
@Zerosquare said in WTF Bites:
@topspin the idea itself is fine
From what I heard from people who are more familiar with Linux systems than I am, this idea adds support for a very rare use case, while introducing a whole lot of new and interesting problems for everyone else.
Before you take their word for granted, remember that they probably like Git.
I’m not sure if someone likes git and considers this to be too complex, that it’s not way too complex.
Or the other way around - if they consider this to be too complex, but not Git, I seriously doubt their judgement.
-
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
Is it? I'm remotely logging into stuff like WTDWTF servers (from home) and build servers (from work). Definitely don't need or want my personal home sync'd to the WTDWTF server. Ditto for my case at work.
-
@boomzilla I mean, if you remotely login into a lot of different places in the same... let's say domain. Geez, do I really have to spell out everything for you? I thought it's obvious enough that roaming your porn folder into a high security restricted access NSA database server isn't what I meant.
-
If one server had too much use, I just ssh'd to different one on the fly. If I had to setup a different .bashrc, .zshrc, SSH keys etc. on each of them, I'd go insane (I mean, more insane than now). Roaming profile was a lifesaver.
The interesting bit in the
homedarticle is that because of home folder encryption they haven't figured out SSH support yet.After all, the identity public key is in the home folder which needs to be decrypted before you access that file and be allowed to log in remotely, but it can only be decrypted after you've got a secure connection over which you can send the decryption details.
-
@boomzilla I mean, if you remotely login into a lot of different places in the same... let's say domain. Jeez, do I really have to spell out everything for you? I thought it's obvious enough that roaming your porn folder into a high security restricted access NSA database server isn't what I meant.
It isn't what I meant either. I don't use those remote machines for the same purpose as I use my local machine is my point.
-
If one server had too much use, I just ssh'd to different one on the fly. If I had to setup a different .bashrc, .zshrc, SSH keys etc. on each of them, I'd go insane (I mean, more insane than now). Roaming profile was a lifesaver.
The interesting bit in the
homedarticle is that because of home folder encryption they haven't figured out SSH support yet.After all, the identity public key is in the home folder which needs to be decrypted before you access that file and be allowed to log in remotely, but it can only be decrypted after you've got a secure connection over which you can send the decryption details.
It's a chickend and eggd problem.
-
@boomzilla yes, exactly. Home me is home me, hobby me is hobby me, work me is work me, and they have nothing in common, especially they don't share any profile settings. Never even for one millisecond I suggested anything else. I just said that not having to manage two separate .bashrc files both at the same workplace is nice.
-
@JBert where is the password hash for local login stored? Can’t they do the same for that?
-
If one server had too much use, I just ssh'd to different one on the fly. If I had to setup a different .bashrc, .zshrc, SSH keys etc. on each of them, I'd go insane (I mean, more insane than now). Roaming profile was a lifesaver.
The interesting bit in the
homedarticle is that because of home folder encryption they haven't figured out SSH support yet.After all, the identity public key is in the home folder which needs to be decrypted before you access that file and be allowed to log in remotely, but it can only be decrypted after you've got a secure connection over which you can send the decryption details.
It's especially funny considering that the solution is really trivial if you just spend two seconds thinking about it. Apparently they didn't.
-
@boomzilla yes, exactly. Home me is home me, hobby me is hobby me, work me is work me, and they have nothing in common, especially they don't share any profile settings. Never even for one millisecond I suggested anything else. I just said that not having to manage two separate .bashrc files both at the same workplace is nice.
And you missed my point.
"Work me" is not always "work me." My "personal" work station isn't the same as the application or build servers I log into. All at the same workplace.I get your point. It just doesn't fit me.
-
I just said that not having to manage two separate .bashrc files both at the same workplace is nice.
As @topspin mentioned, with networked file systems (and home directories) you've had that like forever (like, NFSv3 came out in 1995). I can' remember a place with *nix machines that didn't serve home directories via NFS.
I guess I can see a use for this if you physically share laptops across multiple people where N_laptop < N_people. Is that a common scenario, though?
-
where is the password hash for local login stored?
/etc/shadow
The thing they seem to complain about.
-
@cvi didn't someone say it's very rare? I believe someone said it's very rare. I shouldn't've taken their word at face value, I guess.
-
@cvi didn't someone say it's very rare? I believe someone said it's very rare. I shouldn't've taken their word at face value, I guess.
Hmm.
*scrolling noises*
I think the top reason why they're so rare in Linux world is because it's so damn hard to setup.
(OK, maybe somebody else mentioned it even further upthread, don't remember.)
-
where is the password hash for local login stored?
/etc/shadow
The thing they seem to complain about.
No, where’s it stored in their homed implementation if they get rid of /etc/shadow? That’d be the obvious place to store your keys, too.
-
@topspin Yeah, makes sense.
I guess the place would be the magic signed json file?
Not sure who gets to sign it, considering it contains group memberships and so on. I guess you would have to go through some administrative utility (similar to
passwd) to update selected parts of it. (That's unlike current ssh keys, which you as a user have full control over at the moment; you can have multiple ssh keys, and you can even limit access to specific things for certain keys.)
-
where is the password hash for local login stored?
/etc/shadow
The thing they seem to complain about.
No, where’s it stored in their homed implementation if they get rid of /etc/shadow? That’d be the obvious place to store your keys, too.
/etc/shadowdDuh.
-
@cvi didn't someone say it's very rare? I believe someone said it's very rare. I shouldn't've taken their word at face value, I guess.
I didn't say roaming profiles were very rare. I said that roaming profiles manually (i.e. carrying around a USB stick with your profile on it) was very rare.
-
@Zerosquare said in WTF Bites:
roaming profiles manually (i.e. carrying around a USB stick with your profile on it) was very rare
Whoa there!
... never mind
-
(That's unlike current ssh keys, which you as a user have full control over at the moment; you can have multiple ssh keys, and you can even limit access to specific things for certain keys.)
Oh, you mean there's going to be an ability granted to Needfuls to make it so that you can't change your SSH key? What nutcase thought that was a great plan? (Inb4 L Poettering.)
-
@dkf whenever I see the name Poettering, I find myself wondering if it's some kind of joke.
-
@topspin Yeah, makes sense.
I guess the place would be the magic signed json file?
Not sure who gets to sign it, considering it contains group memberships and so on. I guess you would have to go through some administrative utility (similar to
passwd) to update selected parts of it. (That's unlike current ssh keys, which you as a user have full control over at the moment; you can have multiple ssh keys, and you can even limit access to specific things for certain keys.)Of course when they want to replace a simple system that works for different scenarios and replace it with a complicated one (less complicated than git!) that doesn’t mean it will actually have feature parity.
-
@dkf whenever I see the name Poettering, I find myself wondering if it's some kind of joke.
The man certainly is, and not the funny kind.
-
@Zerosquare said in WTF Bites:
Do you use Linux?
Did you likepulseaudioandsystemd?
Then you'll love Lennart Poettering's new groundbreaking idea:
Linux home directory management is about to undergo major change | TechRepublic
With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.
Two immediate thoughts, not entirely mutually exclusive:
- this was posted there 29 days too late.
- this deserves it's own thread, not a post in
Bites
Once that user logs out, the home directory is automatically encrypted.
Oh dear - if you want some -xxxxxxr-- files in there, you need to be logged in 24x7. What do you mean multi-user systems don't exist, with http://example.com/~user not being a personal webpage from the '80's... (or other more cromulent reasons for wanting read-only stuff in ~, that other people should be able to read.)
I presume he's doing something weird and wonderful with
~/.ssh.In fact I presume he's thought about it to begin with.
Yes?
<finishes reading the article..>
Oh - seriously, and honestly, I hadn't got this far in the article until I typed that aside:
The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.
Should Poettering not be able to develop a solution for the SSH conundrum, systemd-homed will have to be relegated to desktops and laptop distributions, leaving servers out of the mix. I cannot imagine that will fly with the systemd team.
-
@PJH It's fine. Fortunately no-one uses SSH.
-
Automatically synchronizing your home directory across all the remote machines you log into is very nice if you remotely login a lot.
~/ownCloud(or use Dropbox, if you CBA maintaining your own server.)Works for me over 4 static boxes (2×home, 1×work, 1×server and ocean away) and 2 remotes (laptop and mobile.)
Partitioned, where relevant and needful, between home and work, of course.
For everything else there's either rsync (backups) or VCS (git/svn choose your poison, for configs. And development.)
-
@loopback0 said in WTF Bites:
@PJH It's fine. Fortunately no-one uses SSH.
I don't any more. I use...
sshd
-
if you want some -xxxxxxr-- files in there
You shouldn't set x permissions in the places designated for r and w.
-
if you want some -xxxxxxr-- files in there
You shouldn't set x permissions in the places designated for r and w.
It's what happens when you use decimal instead of octal with
chmod- can't help myself sometimes.
Windows To Go - Wikipedia
