Re: [PATCH 00/34] fs: idmapped mounts
On Thu, Oct 29, 2020 at 05:05:02PM +0100, Lennart Poettering wrote:
On Do, 29.10.20 10:47, Eric W. Biederman (ebiederm(a)xmission.com)
wrote:
> Is that the use case you are looking at removing the need for
> systemd-homed to avoid chowning after lugging encrypted home directories
> from one system to another? Why would it be desirable to avoid the
> chown?
Yes, I am very interested in seeing Christian's work succeed, for the
usecase in systemd-homed. In systemd-homed each user gets their own
private file system, and these fs shall be owned by the user's local
UID, regardless in which system it is used. The UID should be an
artifact of the local, individual system in this model, and thus
the UID on of the same user/home on system A might be picked as 1010
and on another as 1543, and on a third as 1323, and it shouldn't
matter. This way, home directories become migratable without having to
universially sync UID assignments: it doesn't matter anymore what the
local UID is.
Right now we do a recursive chown() at login time to ensure the home
dir is properly owned. This has two disadvantages:
1. It's slow. In particular on large home dirs, it takes a while to go
through the whole user's homedir tree and chown/adjust ACLs for
everything.
2. Because it is so slow we take a shortcut right now: if the
top-level home dir inode itself is owned by the correct user, we
skip the recursive chowning. This means in the typical case where a
user uses the same system most of the time, and thus the UID is
stable we can avoid the slowness. But this comes at a drawback: if
the user for some reason ends up with files in their homedir owned
by an unrelated user, then we'll never notice or readjust.
> If the goal is to solve fragmented administration of uid assignment I
> suggest that it might be better to solve the administration problem so
> that all of the uids of interest get assigned the same way on all of the
> systems of interest.
Well, the goal is to make things simple and be able to use the home
dir everywhere without any prior preparation, without central UID
assignment authority.
The goal is to have a scheme that requires no administration, by
making the UID management problem go away. Hence, if you suggest
solving this by having a central administrative authority: this is
exactly what the model wants to get away from.
Or to say this differently: just because I personally use three
different computers, I certainly don't want to set up LDAP or sync
UIDs manually.
Lennart
--
Lennart Poettering, Berlin
Can you help me understand systemd-homed a little bit?
In the man page it says:
systemd-homed is a system service that may be used to create, remove, change or
inspect home areas (directories and network mounts and real or loopback block
devices with a filesystem, optionally encrypted).
It seems that the "underlay?" (If you'll call it that, maybe there is a
better
term) can either be a standalone block device (this sounds close to systemd
machined?), a btrfs subvolume (which receives its own superblock (IIRC?, I might
be wrong. It's been a while since I've used btrfs), or just be a directory
that's mapped?
What decides whether it's just a directory and bind-mounted (or a similar
vfsmount), or an actual superblock?
How is the mapping of "real UIDs" to "namespace UIDs" works when
it's just a
bind mount? From the perspective of multiple user namespaces, are all
"underlying" UIDs mapped through, or if I try to look at another user's
home directory will they not show up?
Is there a reason you can't / don't / wont use overlayfs instead of bind mounts?