Message: previous - next
Month: September 2020

Re: [trinity-users] Re: systemd-homed - new thread

From: "William Morder via trinity-users" <trinity-users@...>
Date: Tue, 15 Sep 2020 11:30:01 -0700

On Tuesday 15 September 2020 11:09:27 Felmon Davis wrote:
> On Tue, 15 Sep 2020, Dr. Nikolaus Klepp wrote:
> > Anno domini 18:08:23 Tue, 15 Sep 2020 +0200 (CEST)
> > Felmon Davis scripsit:
> >
> > [...]
> >
> >> I take it with systemd-homed one doesn't get trapped by shifting UIDs
> >> and such. they write (partial quotation),
> >>
> >> "Linux assigns UIDs in the order usernames are registered on a
> >> machine. you may get UID 1000 if you are the first user on a laptop
> >> and you could get 1001 on another laptop if you are the second user to
> >> be registered there. This poses a problem if you move a home directory
> >> container from machine A where you're UID 1000 to machine B where you
> >> are 1001. systemd-homed solves this by doing a chown -R on the entire
> >> home directory if there is a conflict. [...]"
> >>
> >> I once fell athwart of that! not to mention that 'home' gets encrypted.
> >>
> >> why isn't this a net bonus?
> >
> > There are hords of resons.
> many of the reasons you cite go beyond my technical knowledge but I'll
> venture comments on a couple:
> > 1) security relies on trust into the computer you plug your home in.
> > Well, that's a bad plan to begin with. System is compromised, sor
> > your home is now compromised, too. And becaus of the ease to do, you
> > compromomise all systems you go to that day and the next day ...
> I guess it depends on the intended use-case. if I want to transfer
> 'home' to another one of my computers, there is no problem or rather,
> I already had a problem if the computer I'm transferring to is
> compromised.
> and as someone pointed out further down-thread (sorry, I can't find
> the msg!) this may be suitable to a business environment.

quoted from E.Liddell's earlier post:
The target audience here isn't home users, it's business and education
setups where the users are (understandably) not trusted by the sysadmin.
It's the businesses that pay Red Hat's bills, so naturally they cater to them.

I think that he made that point, and I agree. The promise of "a personal 
computer in every home" seems to have been pushed aside in deference to the 
needs of business. If home users can make it work, no problem, it's free; but 
developers generally don't think of home users any more, because anybody who 
is interested in computers (in the way we discuss these matters here) already 
works in the field. 

I am guessing that at least 3/4 of our mailing list are people who work in the 
field, or that they are not the sort of person we usually imagine as "home 

> > 2) TRhis problem was solved when? 40 years ago? When was it,
> > NFS+yellowpages was introduced?
> I have no idea. will have to look this up.
> sometime.
> > 3) It does not address at all the problems of different hardware and
> > different OS. You can share your home on any *nix system you like -
> > if you are a bit coutious - without systemd-homed. You cannot any
> > more when you use systemd-homed.
> I don't follow. even rsync-ing to another computer may involve some
> fix-ups as Kate expressly indicated. you are saying once installed by
> 'systemd-homed' I cannot fix configuration files in 'home'?
> > 4) WTF encrypted JSON? This is soooo systemd. Remember the "benefits" of
> > binary logfiles? 5) "systemd-homed" looks more like "systemd-owned" than
> > anything else.
> >
> > Nik
> I don't use systemd or at least didn't until it cropped up in my
> install of MX and 4QOS but I think that's minimalistic.
> anyway, I'm not advocating systemd, just wondering what's so terrible
> about systemd-homed.
> it sounds like what's terrible about systend-homed is that it's
> systemd!
> f.

I think Michael's post encapsulated what is wrong with homed (quoting what he 
himself mostly quotes): 
"All user-specific records are stored within a JSON formatted file called 
~/.identity which is cryptographically signed with a key out of the users 

..."out of the users control"...

Welcome to Big Brother?

Seriously, homed says my data is not mine. �Worse, if homed borks, then I've 
lost ALL my data.

This reply from the linked article, also seems to be relevent:

> systemd-homed solves this by doing a chown -R on the entire home directory 
if there is a conflict.


I'm supposed to trust you to know what my home directory permissions are 
supposed to be?

Are you fucking crazy?"

Background on this is that, especially in a developer's system, it's frequent 
to have files owned by different users and groups within your home. �homed is 
just going to overwrite all that.

Just trying to bring the different views together in one place.