Commit | Line | Data |
---|---|---|
38e7b808 LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | |
eea10b26 | 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
38e7b808 | 5 | |
4623eecb AK |
6 | <refentry id="systemd-homed.service" conditional='ENABLE_HOMED' |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> | |
38e7b808 LP |
8 | |
9 | <refentryinfo> | |
10 | <title>systemd-homed.service</title> | |
11 | <productname>systemd</productname> | |
12 | </refentryinfo> | |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-homed.service</refentrytitle> | |
16 | <manvolnum>8</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-homed.service</refname> | |
21 | <refname>systemd-homed</refname> | |
b5947b5b | 22 | <refpurpose>Home Area/User Account Manager</refpurpose> |
38e7b808 LP |
23 | </refnamediv> |
24 | ||
25 | <refsynopsisdiv> | |
26 | <para><filename>systemd-homed.service</filename></para> | |
27 | <para><filename>/usr/lib/systemd/systemd-homed</filename></para> | |
28 | </refsynopsisdiv> | |
29 | ||
30 | <refsect1> | |
31 | <title>Description</title> | |
32 | ||
33 | <para><command>systemd-homed</command> is a system service that may be used to create, remove, change or | |
b5947b5b ZJS |
34 | inspect home areas (directories and network mounts and real or loopback block devices with a filesystem, |
35 | optionally encrypted).</para> | |
38e7b808 LP |
36 | |
37 | <para>Most of <command>systemd-homed</command>'s functionality is accessible through the | |
38 | <citerefentry><refentrytitle>homectl</refentrytitle><manvolnum>1</manvolnum></citerefentry> command.</para> | |
39 | ||
40 | <para>See the <ulink url="https://systemd.io/HOME_DIRECTORY">Home Directories</ulink> documentation for | |
b5947b5b | 41 | details about the format and design of home areas managed by |
38e7b808 LP |
42 | <filename>systemd-homed.service</filename>.</para> |
43 | ||
44 | <para>Each home directory managed by <filename>systemd-homed.service</filename> synthesizes a local user | |
45 | and group. These are made available to the system using the <ulink | |
46 | url="https://systemd.io/USER_GROUP_API">User/Group Record Lookup API via Varlink</ulink>, and thus may be | |
47 | browsed with | |
48 | <citerefentry><refentrytitle>userdbctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para> | |
c3d50255 AV |
49 | |
50 | <para><filename>systemd-homed.service</filename> also manages blob directories for each home directory | |
51 | it manages. See <ulink url="https://systemd.io/USER_RECORD_BLOB_DIRS">User Record Blob Directories</ulink> | |
52 | for more details.</para> | |
38e7b808 LP |
53 | </refsect1> |
54 | ||
6d68a0b3 LP |
55 | <refsect1> |
56 | <title>Key Management</title> | |
57 | ||
58 | <para>User records are cryptographically signed with a public/private key pair (the signature is part of | |
59 | the JSON record itself). For a user to be permitted to log in locally the public key matching the | |
60 | signature of their user record must be installed. For a user record to be modified locally the private | |
61 | key matching the signature must be installed locally, too. The keys are stored in the | |
62 | <filename>/var/lib/systemd/home/</filename> directory:</para> | |
63 | ||
64 | <variablelist> | |
65 | ||
66 | <varlistentry> | |
67 | <term><filename>/var/lib/systemd/home/local.private</filename></term> | |
68 | ||
69 | <listitem><para>The private key of the public/private key pair used for local records. Currently, | |
ec07c3c8 AK |
70 | only a single such key may be installed.</para> |
71 | ||
72 | <xi:include href="version-info.xml" xpointer="v246"/></listitem> | |
6d68a0b3 LP |
73 | </varlistentry> |
74 | ||
75 | <varlistentry> | |
76 | <term><filename>/var/lib/systemd/home/local.public</filename></term> | |
77 | ||
78 | <listitem><para>The public key of the public/private key pair used for local records. Currently, | |
ec07c3c8 AK |
79 | only a single such key may be installed.</para> |
80 | ||
81 | <xi:include href="version-info.xml" xpointer="v246"/></listitem> | |
6d68a0b3 LP |
82 | </varlistentry> |
83 | ||
84 | <varlistentry> | |
85 | <term><filename>/var/lib/systemd/home/*.public</filename></term> | |
86 | ||
87 | <listitem><para>Additional public keys. Any users whose user records are signed with any of these keys | |
88 | are permitted to log in locally. An arbitrary number of keys may be installed this | |
ec07c3c8 AK |
89 | way.</para> |
90 | ||
91 | <xi:include href="version-info.xml" xpointer="v246"/></listitem> | |
6d68a0b3 LP |
92 | </varlistentry> |
93 | </variablelist> | |
94 | ||
95 | <para>All key files listed above are in PEM format.</para> | |
96 | ||
97 | <para>In order to migrate a home directory from a host <literal>foobar</literal> to another host | |
98 | <literal>quux</literal> it is hence sufficient to copy | |
99 | <filename>/var/lib/systemd/home/local.public</filename> from the host <literal>foobar</literal> to | |
211c99c7 ZJS |
100 | <literal>quux</literal>, maybe calling the file on the destination <filename |
101 | index="false">/var/lib/systemd/home/foobar.public</filename>, reflecting the origin of the key. If the | |
102 | user record should be modifiable on <literal>quux</literal> the pair | |
6d68a0b3 LP |
103 | <filename>/var/lib/systemd/home/local.public</filename> and |
104 | <filename>/var/lib/systemd/home/local.private</filename> need to be copied from <literal>foobar</literal> | |
105 | to <literal>quux</literal>, and placed under the identical paths there, as currently only a single | |
106 | private key is supported per host. Note that the latter means that user records | |
107 | generated or signed before the key pair is copied in lose their validity.</para> | |
108 | </refsect1> | |
109 | ||
38e7b808 LP |
110 | <refsect1> |
111 | <title>See Also</title> | |
13a69c12 DT |
112 | <para><simplelist type="inline"> |
113 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
114 | <member><citerefentry><refentrytitle>homed.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> | |
115 | <member><citerefentry><refentrytitle>homectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
116 | <member><citerefentry><refentrytitle>pam_systemd_home</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
117 | <member><citerefentry><refentrytitle>userdbctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
118 | <member><citerefentry><refentrytitle>org.freedesktop.home1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> | |
119 | </simplelist></para> | |
38e7b808 LP |
120 | </refsect1> |
121 | </refentry> |
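
The Key Management section above makes every `*.public` file under `/var/lib/systemd/home/` a key whose signed user records may log in locally, and `local.private` the single key that can sign records. The shell audit below is an added example, not part of the systemd sources; the function name `audit_homed_keys`, the PEM header pattern and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a systemd-homed key directory (default path from the man page).
# "TRUST" lines are an inventory of accepted signing keys; "WARN" lines need action.
audit_homed_keys() {
    dir=${1:-/var/lib/systemd/home}
    for f in "$dir"/*.public "$dir"/*.private; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
        *.private)
            # Only a single private key (local.private) is supported per host.
            [ "$name" = local.private ] || echo "WARN $name: unexpected private key"
            # Group and other permission bits (columns 5-10 of ls -l) must be empty.
            [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
                echo "WARN $name: readable or writable beyond owner"
            ;;
        *.public)
            # Assumption: a PEM public key file has a BEGIN ... PUBLIC KEY line.
            grep -q '^-----BEGIN .*PUBLIC KEY-----' "$f" ||
                echo "WARN $name: no PEM public key block"
            # A private key saved under a .public name is a copy mistake.
            if grep -q 'PRIVATE KEY-----' "$f"; then
                echo "WARN $name: contains private key material"
            fi
            # Records signed with this key are permitted to log in locally.
            echo "TRUST $name"
            ;;
        esac
    done
}

# Constructed sample: host quux after importing foobar's public key as
# foobar.public, with local.private left world-readable by mistake.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'CONSTRUCTED' '-----END PUBLIC KEY-----' \
    > "$demo/local.public"
cp "$demo/local.public" "$demo/foobar.public"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' \
    > "$demo/local.private"
chmod 644 "$demo/local.private"
audit_homed_keys "$demo"
rm -rf "$demo"
```

Run without an argument on a real host, the function inspects `/var/lib/systemd/home`; any `TRUST` line for a key nobody remembers importing deserves the same scrutiny as an unknown entry in `authorized_keys`.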