SYSTEMD-HOMED.SERVICE(8)     systemd-homed.service    SYSTEMD-HOMED.SERVICE(8)

NAME

       systemd-homed.service, systemd-homed - Home Area/User Account Manager

SYNOPSIS

       systemd-homed.service

       /usr/lib/systemd/systemd-homed

DESCRIPTION

       systemd-homed is a system service that may be used to create, remove,
       change or inspect home areas (directories and network mounts and real
       or loopback block devices with a filesystem, optionally encrypted).

       Most of systemd-homed's functionality is accessible through the
       homectl(1) command.

       See the Home Directories[1] documentation for details about the format
       and design of home areas managed by systemd-homed.service.

       Each home directory managed by systemd-homed.service synthesizes a
       local user and group. These are made available to the system using the
       User/Group Record Lookup API via Varlink[2], and thus may be browsed
       with userdbctl(1).

KEY MANAGEMENT

       User records are cryptographically signed with a public/private key
       pair (the signature is part of the JSON record itself). For a user to
       be permitted to log in locally, the public key matching the signature
       of their user record must be installed. For a user record to be
       modified locally, the private key matching the signature must be
       installed locally, too. The keys are stored in the
       /var/lib/systemd/home/ directory:

       /var/lib/systemd/home/local.private
           The private key of the public/private key pair used for local
           records. Currently, only a single such key may be installed.

       /var/lib/systemd/home/local.public
           The public key of the public/private key pair used for local
           records. Currently, only a single such key may be installed.

       /var/lib/systemd/home/*.public
           Additional public keys. Any users whose user records are signed
           with any of these keys are permitted to log in locally. An
           arbitrary number of keys may be installed this way.

       All key files listed above are in PEM format.

       In order to migrate a home directory from a host "foobar" to another
       host "quux", it is hence sufficient to copy
       /var/lib/systemd/home/local.public from the host "foobar" to "quux",
       for example naming the file on the destination
       /var/lib/systemd/home/foobar.public to reflect the origin of the key.
       If the user record should be modifiable on "quux", the pair
       /var/lib/systemd/home/local.public and
       /var/lib/systemd/home/local.private needs to be copied from "foobar"
       to "quux" and placed under the identical paths there, as currently
       only a single private key is supported per host. Note, of course, that
       the latter means that user records generated/signed before the key
       pair is copied in lose their validity.
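       Because every *.public file in this directory admits the users whose
       records it signed, the directory is worth inventorying after a
       migration. The following is an added example, not part of systemd or
       of this manual page: audit_homed_keys and go_perms are hypothetical
       names, the digest is a SHA-256 of the PEM file bytes (for comparing a
       copied key with its origin), and the expectation that private keys
       are inaccessible to group/other is this example's assumption.

```shell
#!/bin/sh
# Added example (not systemd code): inventory the homed signing keys.
# Usage: audit_homed_keys [DIR]   (DIR defaults to the path on this page)

# Print the group/other permission characters of a file, e.g. "r--r--".
go_perms() { ls -ld "$1" | cut -c5-10; }

# Prints TRUST/WARN lines; returns 0 if no WARN was printed, 1 otherwise.
audit_homed_keys() {
    dir=${1:-/var/lib/systemd/home}
    warn=0
    for f in "$dir"/*.public; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # Each *.public file is a trust anchor: records it signed may log in.
        digest=$(sha256sum < "$f" | cut -d' ' -f1)
        echo "TRUST $name sha256=$digest"
        case $(go_perms "$f") in
            ?w????|????w?)
                echo "WARN $name writable by group/other"; warn=$((warn + 1)) ;;
        esac
    done
    for f in "$dir"/*.private; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # Only a single private key (local.private) is supported per host.
        if [ "$name" != local.private ]; then
            echo "WARN $name unexpected private key"; warn=$((warn + 1))
        fi
        # Assumption of this example: no group/other access to private keys.
        if [ "$(go_perms "$f")" != "------" ]; then
            echo "WARN $name accessible by group/other"; warn=$((warn + 1))
        fi
    done
    if [ -f "$dir/local.private" ] && [ ! -f "$dir/local.public" ]; then
        echo "WARN local.private present without local.public"
        warn=$((warn + 1))
    fi
    [ "$warn" -eq 0 ]
}
```

       Running it on both hosts and comparing the sha256 value of
       foobar.public on "quux" with that of local.public on "foobar" confirms
       the copied key is the intended one.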

SEE ALSO

       systemd(1), homed.conf(5), homectl(1), pam_systemd_home(8),
       userdbctl(1), org.freedesktop.home1(5)

NOTES

        1. Home Directories
           https://systemd.io/HOME_DIRECTORY

        2. User/Group Record Lookup API via Varlink
           https://systemd.io/USER_GROUP_API

systemd 249                                           SYSTEMD-HOMED.SERVICE(8)