author | Lennart Poettering <lennart@poettering.net> | 2022-05-13 18:21:01 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2024-02-14 15:01:38 +0100 |
commit | 46c60f7216a73f963b26564df831e925e049fd49 (patch) | |
tree | 4494efbeebb736acff64335d70105141224945f1 /docs/USER_RECORD.md | |
parent | logind: add ability to upgrade session class from 'user-incomplete' to 'user' (diff) | |
download | systemd-46c60f7216a73f963b26564df831e925e049fd49.tar.xz systemd-46c60f7216a73f963b26564df831e925e049fd49.zip |
user-record: add fields for a fallback home dir + shell

This adds fields to the user record logic to allow a "fallback" home
directory and shell to be set as part of the "status" section of the
user record, i.e. supplied by the manager of the user record.

The idea is that if the fallback homedir/shell is set it will take
precedence over the real one in most ways.

Use case: let's try to make ssh logins into homed directories work.
systemd-homed would set a fallback shell/homedir for inactive home dirs.
Thus, when ssh logins take place via key auth, we can allow them, and
these fallback session params would be used because the real home cannot
be activated just yet because we cannot acquire any password for it from
the user.

Diffstat (limited to 'docs/USER_RECORD.md')
-rw-r--r-- | docs/USER_RECORD.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/USER_RECORD.md b/docs/USER_RECORD.md index aba45c39f4..50ea58ac31 100644 --- a/docs/USER_RECORD.md +++ b/docs/USER_RECORD.md @@ -914,6 +914,20 @@ itself. `fileSystemType` → The file system type backing the home directory: a short string, such as "btrfs", "ext4", "xfs". +`fallbackShell`, `fallbackHomeDirectory` → These fields have the same contents +and format as the `shell` and `homeDirectory` fields (see above). When the +`useFallback` field (see below) is set to true, the data from these fields +should override the fields of the same name without the `fallback` prefix. + +`useFallback` → A boolean that allows choosing between the regular `shell` and +`homeDirectory` fields or the fallback fields of the same name (see above). If +`true` the fallback fields should be used in place of the regular fields, if +`false` or unset the regular fields should be used. This mechanism is used for +enable subsystems such as SSH to allow logins into user accounts, whose homed +directories need further unlocking (because the SSH native authentication +cannot release a suitabable disk encryption key), which the fallback shell +provides. + ## Fields in the `signature` section As mentioned, the `signature` section of the user record may contain one or |
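
Review bot: The `useFallback` paragraph does not say what a consumer should do when `useFallback` is true but `fallbackShell` or `fallbackHomeDirectory` is absent. Because these fields decide which shell and home directory an SSH login lands in, the text should define that case explicitly, for example by stating whether the regular field of the same name applies when its fallback counterpart is unset. In the same paragraph, "This mechanism is used for enable subsystems" should read "is used to enable subsystems", "suitabable" should be "suitable", and the closing clause "which the fallback shell provides" has an unclear antecedent: say directly that the fallback shell is what provides the further unlocking. The added text also only points "see above" and "see below"; naming the section these fields belong to, as the commit message does with "status", would tell implementers who is expected to set them.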