[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] semi OT: systemd-homed

On every laptop I've ever handed to a user with an encrypted hard drive it uses LUKS. The user selects a password for the unlock and the admin team has theirs. User forgets their password and admins can reset it. Remember, LUKS supports multiple key slots. Brilliant design. 

In order to make sense of what systemd is and why it does things the way it does, it helps to see the the cloud processes as being the huge driving force behind the need to rethink the per process, per machine, and now per user instantiation process. Is it perfect? Nope. Not yet. But it works rather well. It's different so it's hard to wrap my head around it sometimes. Like firewalld. The thinking started making sense for me after using for a while. Learning curve was nearly vertical for a while. Worth it.

On May 1, 2020 2:53:15 AM EDT, Steve Litt via Ale <ale at ale.org> wrote:
>On Thu, 30 Apr 2020 14:59:44 -0400
>Boris Borisov via Ale <ale at ale.org> wrote:
>> Just opening the rants :)
>Quote from the article:
>"Prior to systemd every system and resource was managed by its own
>tool, which was clumsy and inefficient. Now? Controlling and managing
>systems on Linux is incredibly easy."
>The preceding is a bald face lie. Each and every system and resource
>was always manageable by any of several process supervisors including
>daemontools, runit, s6, and several others. Controlling systems on
>Linux has always been incredibly easy. The fact that most distros chose
>to use sysvinit, out of inertia, in no way negates the fact that there
>were always unified ways to easily manage processes.
>This article is a puff-piece advertisement for systemd, and as such,
>should be labeled an editorial and should be placed in the editorial
>section (assuming TechRepublic has such a section).
>And what security minded sysadmin wouldn't want to walk around with his
>home directory on a thumb drive? Thumb drives never fall out of pockets
>or get confused with other thumb drives, right?
>And oh by the way, no more sshing into a box with homed. But don't
>worry, Lennart will develop a solution: He always does. After all, the
>systemd project has never once labeled a problem as "WONTFIX", right?
>LUKSing the home directory isn't for everybody. Admins: Ever have
>somebody forget their password? With a plain home directory, no sweat,
>just change their password. With LUKS, that data's gone forever, unless
>they've made an UNENCRYPTED backup. And I'm pretty sure with this new
>setup the root user can't make an unencrypted backup.
>Systemd-homed sounds great in the article, but personally, I'll stick
>with good old Void Linux with the runit init/process supervisor.
>Steve Litt
>March 2020 featured book: Troubleshooting: Why Bother?
>Ale mailing list
>Ale at ale.org
>See JOBS, ANNOUNCE and SCHOOLS lists at

"no government by experts in which the masses do not have the chance to inform the experts as to their needs can be anything but an oligarchy managed in the interests of the few.? - John Dewey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20200501/9d0ea52d/attachment.html>