systemd-homed

From LinuxReviews

systemd-homed is a new and fundamentally different way of handling home directories on Linux. The idea is to make each user's home directory a self-contained (encrypted) container with all user-related configuration files unified into one file. This makes migration between, say, two laptops easy at the system level. It was first announced at the "All Systems Go" conference in Berlin in September 2019. It was merged into the systemd source tree in January 2020 and will be included in systemd version 245.

Lennart Poettering Presents Systemd-Homed At All Systems Go

Lennart Poettering explaining the ideas behind systemd-homed at the All Systems Go conference in Berlin in September, 2019.

Development

systemd-homed is developed in a separate git tree at github.com/poettering/systemd/tree/homed. That tree was merged into the mainline systemd repository in late January 2020 in a large pull of more than 20k lines of code.

systemd-homed will be available in systemd 245 when it is released (there is no set date or timeline for its release).

Features

systemd-homed is centered around encrypted home directory containers which can, in principle, be easily moved from one machine to another. The container password will, in configurations using systemd-homed, also be the user login password.

All user-specific records are stored within a JSON-formatted file called ~/.identity, which is cryptographically signed with a key outside the user's control. The idea is to have a file with system-managed settings within the home directory. A lot of user-related records are currently stored outside the home directory in a number of different places, mostly within /etc/. systemd-homed aims to consolidate all the different user-related settings within ~/.identity.

Encrypted Home Directory Containers

systemd-homed will support two kinds of encrypted home directories: fscrypt encrypted and LUKS encrypted.

Users will be able to make USB sticks with LUKS encrypted home directory containers and have all files and system-allowed settings available when they plug one into a new machine. The way ~/.identity is cryptographically signed by host systems ensures that you can't just show up and claim to have sudo privileges.

systemd-homed supports a complete unmount of encrypted home directories when a machine suspends to RAM. This is especially useful for laptop computers, which are typically configured to either suspend or hibernate when the lid is closed. Hibernating to disk will remove the encryption key from memory. Suspending to RAM keeps the encryption key in RAM, which makes cold boot attacks a very real security issue. The current obvious solution to that problem is to suspend to disk, not RAM.

Unencrypted home directories are also supported. Plain locally stored unencrypted home directories will be named username.homedir on disk when they are not in use. Directories are renamed to username upon login.

Remote CIFS directories are also supported. Local ~/.identity will, in CIFS setups, have to specify the information necessary to mount the remote home directory when a user logs in.

Utilities

The systemd-homed utility homectl is used to interface with systemd-homed.service to create, remove, change or inspect home directories[1].

homectl does not manage "classic" UNIX accounts; useradd should be used for that purpose.

The homectl create command can be used to set limits on newly created user accounts. It supports options like --disk-size= to limit a home directory's disk quota, --tasks-max to limit the number of processes, and many other options[1].

userdbctl is used to inspect the system's users, groups and group memberships[2].

Pitfalls and Problems

Linux assigns UIDs in the order usernames are registered on a machine. You may get UID 1000 if you are the first user on a laptop, and you could get 1001 on another laptop if you are the second user to be registered there. This poses a problem if you move a home directory container from machine A, where you are UID 1000, to machine B, where you are 1001. systemd-homed solves this by doing a chown -R on the entire home directory if there is a conflict. This is a problem if you use groups or run daemons set up to run as different users within your home directory for some reason. Moving a home directory with lots of users and groups from one machine to another would already be problematic for other reasons, and very few will have setups like that in containers they move. It is just something to keep in mind in case you feel compelled to set up, or have already set up, something which will break if a chown -R is imposed on your home directory.
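
One way to check a home directory for this before moving it, as an added example that is not part of the original article or of systemd. The function names are made up here; the script only reads ownership with find and ls and does not talk to systemd-homed.

```shell
#!/bin/sh
# Added example: find entries under a home directory that are NOT owned by
# the account's UID (and optionally GID). These are the entries whose
# ownership a recursive chown to one UID would overwrite.

# foreign_owned DIR UID [GID]
# Prints one path per line. -xdev keeps find on a single file system.
foreign_owned() {
    dir=$1 uid=$2 gid=${3:-}
    if [ -n "$gid" ]; then
        find "$dir" -xdev \( ! -uid "$uid" -o ! -gid "$gid" \) -print
    else
        find "$dir" -xdev ! -uid "$uid" -print
    fi
}

# count_foreign DIR UID [GID]
# Number of entries foreign_owned would list.
count_foreign() {
    foreign_owned "$@" | wc -l | tr -d ' '
}

# owners_summary DIR
# "count uid:gid" lines, most common owner first. More than one line means
# the tree holds files for several users or groups.
# Uses numeric IDs from ls -n; paths containing newlines skew the counts.
owners_summary() {
    find "$1" -xdev -exec ls -ldn {} + |
        awk '{ print $3 ":" $4 }' | sort | uniq -c | sort -rn
}

# Stand-alone use: sh audit.sh /home/alice 1000 [1000]
if [ "$#" -ge 2 ]; then
    foreign_owned "$@"
fi
```

Anything it lists (a daemon's data directory, files shared through a group) is worth moving out of the home directory or recording before the move.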

System Services

systemd-homed is managed by systemd-homed.service and the pam_systemd_home PAM module, which notifies systemd-homed when a user logs in or out.

Documentation

Initial documentation for systemd-homed is available at systemd/docs/HOME_DIRECTORY.md.

Footnotes

  1. man.linuxreviews.org: homectl.1 manual
  2. man.linuxreviews.org: userdbctl.1

