Unlocking the Future of User Management

Photo by Ries Bosch on Unsplash

Embracing Modernity

In the ever-evolving landscape of Linux, Fedora stands out as a pioneer, continually embracing innovation while maintaining stability. One of the most significant advancements in recent releases is the introduction of systemd-homed. This feature aims to redefine how user home directories are managed. It brings a new level of efficiency and flexibility to the user experience. Let’s delve into what systemd-homed is, its benefits, and how it transforms the Fedora ecosystem.

What is systemd-homed?

At its core, systemd-homed is a component of the systemd suite that focuses on user home directory management. Traditional Linux systems treat user accounts and their associated data in a fairly static way with home directories typically stored in /home. In contrast, systemd-homed abstracts home directory management into a more dynamic and portable system.

systemd-homed allows user home directory storage in various formats and locations—whether on local disks, networked storage, or even in containers. This flexibility opens up new possibilities for user data management and enhances the user experience significantly.

Key Features and Benefits

1. Portable Home Directories

One of the standout features of systemd-homed is the ability to create portable home directories. Users can easily move their home directories across different machines without losing any settings or data. This is especially beneficial for those who frequently switch between Workstations or Atomic desktops.

2. Secure and Encrypted by Default

Security is paramount in today’s digital age. Encryption is an integral part of the user home directory in systemd-homed. Each home directory can be encrypted using LUKS (Linux Unified Key Setup). This ensures that sensitive data remains protected, regardless of where it resides.

3. Easier User Management

System administrators will appreciate the simplified user management that comes with systemd-homed. The homectl command allows easy creation, modification, and deletion of user accounts. Administrative tasks are streamlined and the complexity often associated with traditional user management methods is reduced.

4. Dynamic User Sessions

systemd-homed introduces a new way to handle user sessions. With dynamic user sessions, the system can create a tailored environment based on the user’s specific needs and configurations. This adaptability ensures that users always have a consistent and optimized experience, regardless of the machine they log into.

Integration with Fedora

Fedora, known for its cutting-edge technology, has seamlessly integrated systemd-homed into its architecture. Starting with Fedora 41, administrators can easily take advantage of this feature to create users with personalized configurations. The homectl command provides a user-friendly interface for managing home directories, making it accessible even for less experienced users.

Getting Started with systemd-homed in Fedora

To take advantage of systemd-homed, users can begin by enabling it during the installation process or convert existing accounts afterward. The process is straightforward:

  1. Install Fedora 41: Start with a fresh installation or an upgrade to the latest version.
  2. Enable systemd-homed service: Use systemctl to enable the systemd-homed service.
  3. Enable systemd-home PAM: Use authselect to enable the systemd-homed feature.
  4. Manage Home Directories: Utilize homectl to create and manage home directories effortlessly.

For example, to create a new user in a systemd-homed manged home directory, use the following simple command:


sudo homectl create myuser --disk-size=10G

This command not only creates the user but also allocates disk space for their home directory.

Conclusion

As Fedora continues to lead the way in Linux innovation, the integration of systemd-homed marks a significant step toward modernizing user management. Its features not only enhance security and portability but also simplify the overall user experience. For those looking to embrace the future of Linux, Fedora with systemd-homed is an excellent choice, blending cutting-edge technology with the reliability that users have come to expect.

Whether you’re a seasoned sysadmin or a casual user, diving into systemd-homed can redefine how you interact with your Linux environment. Embrace the change and discover the possibilities that await in the world of Fedora!

Fedora Project community

33 Comments

  1. AB

    This needs correction:

    “Users can easily move their home directories across different machines without losing any settings or data.”

    It should say instead:
    “Users can easily move their home directories together with homed keys across different machines without losing any settings or data.”

    If user moves only homed-managed home file/directory/disk and then formats source machine – homed keys are lost and homed on the target machine will not be able to work with migrated homed-managed home.

    • It can do a lot more then just that. I can write a whole article on just the user records/keys, didn’t add them here because there is too much information for one article.

      • AB

        Please, do article series on homed. I think we need more users getting into homed managed home dirs.

  2. This suspiciously looks like written by ChatGPT: “embrace”, “ever-evolving landscape”, “”Let’s delve into”, etc.

    I would prefer reading articles, written by humans, who know what they are talking about.

    • venicones

      A command of the English vocabulary and writing style is not clear evidence of AI.

    • This article was AI enhanced with word suggestions to sound more attractive, but I can a sure you that your questions, which lack clarity, can be answered in an educated manner.

      • ResponsableNetizen

        I think people are cautious that Fedora Magazine DOESN’T fall down the slippery slope of auto-generated content to maximize probable user engagement on certain topics!

        Like everyone else is doing nowadays 😉

  3. Daiquiri Melao

    this is awesome!
    Thank you for pushing it!

  4. Lariscus

    Does this also work for Fedora Atomic Desktop installations?

  5. BurningPho3nix

    How to enable systemd-homed pam through authselect?

  6. Daniele Guarascio

    Could you please add instructions to migrate existing users?

  7. Mike

    This is a good article but it is made a lot less enjoyable by the use of a LLM. It feels very generic and overly marketing-y. The information presented about systemd-homed is useful but is then drowned out by the ChatGPT style language. Thank you for writing this article but i think it would have been better in your original version before asking a LLM for feedback.

  8. Kostas Sfakiotakis

    Is it possible to give us an example ??? . Tried following the instructions but am failing on step 3
    Enable systemd-home PAM
    When I try it I get : kostassf@Orion:~$ systemctl enable systemd-home
    Failed to enable unit: Unit systemd-home.service does not exist
    kostassf@Orion:~$ systemctl enable systemd-home PAM
    Failed to enable unit: Unit systemd-home.service does not exist

    What am I missing here ??

    • systemd-homed.service should already be enabled by default.

      systemd-home PAM is not enabled by default, to enable enter:
      sudo authselect enable-feature with-systemd-homed

  9. Luca Cavana

    I’m not a native English speaker and as such I wasn’t able to spot the use of LLMs to co-write the article… but it’s not certainly good to read.

    Also, it gives not many useful information at all. I guess most of the readers are technical guys wanting more articulated details, and this article (as many others I should say) just sound as marketing and diminishes the value of the Fedora magazine and project overall.

    • The purpose of this article was to glorify fedora for it’s greatness and lightly introduce people to using systemd-homed, not to degrade the integrity of this magazine, but to promote it , and it’s achievements.

      As noted several times above, and taken as constructive criticism, I will not seek assistance on the following parts of the series .

  10. Charles B.

    Hello,

    Thank you for your contribution. It is not clear to me how this interacts with the installer. At what time should the sudo authselect enable-feature with-systemd-homed be invoked? How does this impact the user created in the installer? Should I still create a /home directory under the / root partition? Did 41 changed something so all the steps in this (https://discussion.fedoraproject.org/t/building-a-new-home-with-systemd-homed-on-fedora/72690) post are no longer necessary?

    Thanks,

    Charles B.

    • Scott Trakker

      I think it was a good read and I learned a few things!

    • At the moment, systemd-homed user(s) can be created after the installation process. There is a service that will create a homed user on first boot, but fedora has it disabled.

      That article was written almost two (2) years ago. Much has changed since that time.

      Step 5 is need if you previously used systemd-homed and/or if the records/keys are incorrectly labled.
      Step 6 is needed because fedora doesn’t have it enabled by default.

      Fedora 41 eliminated steps 1-4 by adding the selinux systemd-homed policy. All other steps are obsolete.

      • Charles B.

        Thank you very much for your assistance and willingness to wave the flag. Are there things we should be ware of please? Things that might break?

        Thanks again.

  11. Kostas Sfakiotakis

    Still struggling to make things work .

    sudo authselect enable-feature with-systemd-homed
    [sudo] password for kostassf:
    Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.

    with-systemd-homed is selected, make sure that the system-homed service is enabled

    systemctl enable –now systemd-homed.service

    kostassf@Orion:~$ systemctl status system-homed
    Unit system-homed.service could not be found.
    kostassf@Orion:~$ systemctl status systemd-homed
    ● systemd-homed.service – Home Area Manager
    Loaded: loaded (/usr/lib/systemd/system/systemd-homed.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
    └─10-timeout-abort.conf
    Active: active (running) since Wed 2024-11-13 19:28:33 EET; 2min 6s ago
    Invocation: 81e981cddd154547a1d42b4d403ca418
    Docs: man:systemd-homed.service(8)
    man:org.freedesktop.home1(5)
    Main PID: 1457 (systemd-homed)
    Tasks: 1 (limit: 19016)
    Memory: 1.7M (peak: 3.5M)
    CPU: 60ms
    CGroup: /system.slice/systemd-homed.service
    └─1457 /usr/lib/systemd/systemd-homed

    Νοε 13 19:28:33 Orion.Andromeda.Galaxy.local systemd[1]: Starting systemd-homed.service – Home Area Manager…
    Νοε 13 19:28:33 Orion.Andromeda.Galaxy.local systemd-homed[1457]: Watching /home.
    Νοε 13 19:28:33 Orion.Andromeda.Galaxy.local systemd[1]: Started systemd-homed.service – Home Area Manager.

    from the looks of it , since am a bit out of my league , can someone tell me in plain English what am I still missing ??

  12. Kamil Páral

    I don’t want to sound harsh, but this article contains just a few sentences of actual content that is fluffed by empty marketing phrases and corporate speak into a whole article. I don’t understand how this got through editor review. On Fedora Magazine, there’s either technical audience, who want to know the actual technical details (just read “Dynamic User Sessions” paragraph again and try to find a single piece of information – there’s none), or there are general users, who don’t care about systemd-homed and therefore never clicked on this article. And if they did, they were probably put off by a generic marketing speak.

    Please be more technical next time, and write the article yourself, without AI. Poor English is not a problem (ask the AI to just correct your grammar, instead of writing it as a whole), at least we can see a fellow human contributor working with us on improving Fedora. Most of us are not native speakers anyway. Write it the same way as if you were talking to a group of friends 🙂 Thanks.

    • This article was just an soft introduction to an alternative use of managing users. It wasn’t meant to teach anything, hence why there is no content. It was mentioned earlier, before publication by editors and after by comments written here, that it should include more examples of it’s use, in which I agree. But as stated from the comments above, there can be a plethora of breakdowns of it’s functions and options that just cannot fit into one article.

      Dynamic User Sessions mean users have the option of transferring there evolving customization’s between different OS’s instead of being tied down to a single OS like traditional OS’s, which it clearly states. Would you have preferred a break down or comparison of the two?

      It was a pleasure reading your incites.

    • hu

      Dear readers, since the topic of “systemd & home-environment” has now been left far behind us and we are now entering a completely different meta level, a small, remote impulse on my part: I had not heard of “systemd-homed” before. Even though it all sounded a bit like a marketing article, I understood in a nice way what it was all about. The use of AI was clearly evident. And now? Someone used a tool to create content. He moderated the tool and received a text that he shared. He made me aware of “systemd-homed” and I will look into it in more detail. If people don’t find this respectable, that’s their choice. It’s a shame that today the concept of tolerance is increasingly being forgotten. And one more thing at the end: “Tolerance” or in English “endure” has something to do with work. When you practice it you will notice that it hurts. Kind regards, hu

      • Luca Cavana

        Well Hu, no, thank you.

        It’s not fair to depict who gave an honest and clear feedback as an intolerant.
        Many of us here gave the author a feedback that as readers of Fedore Magazine we don’t want AI-generated and too vague content but, as technical people, we want more of the nitty-gritty details of how things works written by a human who have a deep understanding of that. Or else we would be reading MSN News.

        That’s all, the author publicly acknowledged that, and I’m sure on the following articles he will correct the aim.

        • hu

          Dear Luca,
          As you’ve probably noticed, Richiedaze hit the right note as far as I’m concerned. It was obvious that he was using an AI. Others here were also happy about his impulse. As for my statement regarding intolerance, that is my personal opinion. I wouldn’t tell anyone what to do differently. However, I would always praise people when they have done something well in my eyes. You wrote “we don’t want AI-generated and too vague content”. I’m a bit lazy to search, but you seem to know what “we” want. Maybe you have a link to the etiquette that describes the rules for authors in Fedora magazine. I would be particularly interested in the rejection of AI-generated content.
          Kind regards, hu

  13. Sami J

    Thanks for this richiedaze! Great work, and I intend to use it. Please continue with more technical articles on this topic, like migrating existing users.

    (Interesting how many had a visceral negative or suspicious reaction to the tone of the AI-assisted passages. I did too. Good demonstration and a learning experience!)

  14. boeing_60

    Thank you for your article!
    Do you know if there is plans for Fedora to develop a GUI for systemd-homed and integrate it to GNOME settings?
    I would love to encrypt my home folder (not my entire disk, so that I can avoid to remember two passwords…) with my user’s account password, and without the need to reinstall the entire OS.

Leave a Reply


The interval between posting a comment and its appearance will be irregular so please DO NOT resend the same post repeatedly. All comments are moderated but this site is not monitored continuously so comments will not appear as soon as posted.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions