Lead Image © SOMYOT TECHAPUWAPAT , 123RF.com

Portable home directory with state-of-the-art security

Home, Sweet Home

Article from ADMIN 67/2022
By
The systemd Homed service makes it easy to move your home directory, and FIDO2 or PKCS#11 can secure the stored files.

Your home directory (~) stores personal data and configuration files for the programs you use (e.g., the Google Chrome or Firefox profile and the GTK configuration for the look and feel you prefer for the installed desktop). Moreover, your home directory also contains Thunderbird mail, your music collections, and your photos. Like your own home, the personal folder on a Linux system is typically a place you want to keep safe.

If you use more than one Linux computer, you will not find your personal files on all of these devices, and fixing this issue is by no means trivial. The question of what users can do to share their home directory efficiently with a variety of systems is not new.

Systemd boss Lennart Poettering finally came up with a solution – Homed – that works on recent systems, relying on systemd in the background and making it possible for users to take an external disk with their home directories from machine A to machine B and on to machine C without getting into any trouble (Figure 1).

Figure 1: M.2 SSDs (for high-performance storage in power-constrained devices) are so small and light that even large volumes of data can now be moved back and forth with ease, which allows home directories that are not tied to a single system.

The whole systemd-homed setup is highly secure and efficient. Encryption with multifactor authentication is part of the overall package, as is dynamic user account creation. Although Homed does not support encryption and login with the TPM module, PKCS#11 and FIDO2 can be used.

In this article, I introduce Homed and look into its technical details. Before that, however, it will not hurt to look at the specific problems that Homed solves – all the more so because it will contribute in a fundamental way to understanding how Homed works.

Attempted Thus Far

For decades, the market has tried a wide variety of approaches to sharing your home directory across multiple systems. Sometimes shared storage such as NFS or synchronization solutions such as Rsync came into play. However, Rsync requires a functioning network connection between systems. A company laptop that has to be connected to the VPN to get an Internet connection does not meet this condition, and you are inevitably left out in the cold. On the other hand, you could use Samba to resolve the issue, viewing Linux as something similar to a domain client in the Windows universe. None of these approaches really cornered the market.

The idea of the portable home directory assumes a few things that are not necessarily commonplace on Linux or POSIX-like operating systems in general. First is the problem of user management. If you are using an account named Martin on your system, you will want to use this name elsewhere, too, when you use your mobile home directory. Of course, you can't expect every Linux system in the world to have a preconfigured user account with a suitable name that is just waiting for someone to plug in an SSD with the appropriate home directory. Instead, you need the user account to be created explicitly.

To begin, a user account must be created on a system. When the system then detects that a mobile home directory exists for the respective user, it integrates it. Even here, systemd faces a challenge because before Homed it did not play a role in the system's user management. Now, however, it has to be able to create users and groups.

The whole thing must also work the other way around. Imagine, say, publicly accessible systems that are intended for use by several people with portable home directories. It quickly becomes clear that the system also must be able to delete the user accounts it creates as soon as the user logs off and removes the disk with the storage. User accounts that cannot be disabled are not just useless, they are dangerous. IT history shows that old, forgotten accounts have been used in attack scenarios.

User IDs

Another factor that plays a major role in the dynamic use of home directories is the user ID, which is closely related to the username. On Linux systems, the username is effectively only the human-readable variant of the user ID, which is assigned to the respective account at the system level. If you want the system to create a user dynamically after a disk has been plugged into a USB port, the process implicitly creates a user ID.

For a user ID (and, in parallel, a group ID), however, the Linux system defines various parameters for each file (e.g., who owns it and who has access to it). This information is stored on the filesystem, which means that it is also stored on the USB stick or SSD that contains the portable home directory. When the user plugs in an SSD, the UID on the system needs to match the contents on the USB stick. If this is not the case, a corrective mechanism is needed; otherwise, access to the files on the disk would fail permanently because of missing permissions.
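The ownership check described above, as an added example that is neither from this article nor from systemd-homed: it walks a mounted portable home directory, lists every entry whose owner UID differs from the account's UID on this system, and plans the corrective remap (dry run by default; applying it needs root). The function names and the sample tree are my own.

```python
"""Ownership check for a portable home directory (added example, not from the
article or from systemd). Names such as uid_mismatches() are assumptions."""
import os
import tempfile
from typing import List, Tuple

CURRENT_UID = os.getuid()


def uid_mismatches(root: str, expected_uid: int) -> List[Tuple[str, int]]:
    """Return (path, owner_uid) for every entry under root not owned by expected_uid.

    lstat() is used so symlinks are examined as links and never followed: a link
    placed inside the home directory cannot steer the scan (or a later chown)
    at files outside of it.
    """
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
    found = []
    for path in entries:
        uid = os.lstat(path).st_uid
        if uid != expected_uid:
            found.append((path, uid))
    return found


def remap_owner(root: str, old_uid: int, new_uid: int, apply: bool = False) -> List[str]:
    """Plan (and with apply=True, perform) the UID correction the text alludes to:
    entries owned by old_uid on the disk become owned by new_uid on this system.
    Entries owned by any third UID are deliberately left untouched. Dry run by
    default; applying requires root (CAP_CHOWN)."""
    planned = []
    for path, uid in uid_mismatches(root, new_uid):
        if uid != old_uid:
            continue
        planned.append(path)
        if apply:
            os.lchown(path, new_uid, -1)  # -1 leaves the group as it is
    return planned


def build_sample_home() -> str:
    """Constructed sample tree (owned by the current user) for a self-contained run."""
    root = tempfile.mkdtemp(prefix="portable-home-")
    os.mkdir(os.path.join(root, ".config"))
    for rel in (".bashrc", os.path.join(".config", "settings.ini")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("# constructed sample file\n")
    return root


if __name__ == "__main__":
    home = build_sample_home()
    print("not owned by me:", uid_mismatches(home, CURRENT_UID))        # []
    print("would remap:", remap_owner(home, CURRENT_UID, CURRENT_UID + 1))  # all 4 entries
```

On a real mount you would pass the mount point and the UID homed assigned to the account; the dry run shows exactly which entries the remap would touch before any chown happens.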

Mandatory Encryption

Another must-have that, surprisingly, many users still do not have on their radar to this day is disk encryption. With many PCs and certainly with the vast majority of devices used professionally, the value of the data stored on the machine clearly exceeds that of the hardware. Even a top-of-the-range Thinkpad "only" costs a good $4,000 (about EUR3,600). However, if the blueprint for an innovative machine or the company's current tax return is stored on the device and it falls into the wrong hands, somebody is in trouble. The damage caused by industrial espionage and damage to the company's reputation can exceed the value of the hardware many times over.

Manufacturers have long since recognized this vulnerability. Microsoft, for example, offers BitLocker to encrypt all PC storage devices automatically in the background. Apple does the same with FileVault, and the popular Linux distributions now also rely on comprehensive encryption of storage devices, especially on desktops. An NVMe or SSD drive, of course, must also be encrypted if it contains most of the most important information in your life.

How can secure encryption of mobile devices be achieved in a meaningful way when the computer is missing? A 64-digit password would provide some security, but it would fail to provide effective protection if no one could remember it. Encryption by means of a certificate or multifactor access control (e.g., FIDO2 in addition to the password) is more useful, preventing data leaks even if the stick and the password fall into the hands of a third party, as long as they don't have the second authentication factor. However, if this kind of technical overhead is required to encrypt the device, then the token you rely on to do so can also be used to log the user onto the system.

Clearly, mobile home directories are a great idea, and they seem simple to implement in theory, but if you take an in-depth look at the technical challenges, disillusionment quickly sets in. Homed at least claims to address the challenges described above. How does it do this in detail, how does the user benefit from it, and what are the limits of the system?
