The 2 AM Nightmare and the Obsolescence of /etc/passwd
Imagine this scenario: it’s 2 AM, and the Fedora server containing your dev team’s critical data has a file system error. You try to mount the hard drive to another machine to rescue the data, but you encounter a complete mess. UIDs are out of sync, permissions are haywire, and you’re left scratching your head over handling crashes on Fedora manually.
Having used Fedora as my primary OS for two years, I absolutely love the package update speed. However, the old-school user management style from the 70s is a major drawback. User information is scattered everywhere. If you want to move a user to another machine, you almost have to perform every step manually.
That is why systemd-homed exists. It encapsulates all user information into a single entity that is self-encrypting and extremely portable. Let’s switch to this modern user management mindset for a clean and secure server.
Core Concepts: What is systemd-homed?
Instead of scattering information across text files, systemd-homed creates a JSON record containing everything from hashed passwords to resource limits. The Home directory is no longer a static folder; it can be a LUKS image file, a dedicated partition, or a flexible Btrfs subvolume.
The biggest advantage lies in security. When you log out, the system unmounts and locks the Home directory. Even if a hacker gains root access while you are away, accessing personal data is nearly impossible.
Step 1: Enabling systemd-homed on Fedora
Although Fedora is always a playground for new technology, systemd-homed is not yet enabled by default to avoid conflicts with legacy configurations. The first thing we need to do is wake it up.
# Install the package (usually already available on Fedora Workstation)
sudo dnf install systemd-homed
# Enable and start the service immediately
sudo systemctl enable --now systemd-homed
Check the status using the homectl list command. If the list is empty, the system is ready to welcome its first member.
Step 2: Creating a New User with homectl
Say goodbye to useradd; we are getting acquainted with homectl. Suppose I want to create a user named itzero with a 10GB capacity and use LUKS encryption for maximum security.
sudo homectl create itzero --storage=luks --disk-size=10G
After entering the password, systemd-homed will create an image file at /home/itzero.home. When the user logs in, this file is automatically mounted to /home/itzero. Upon logout, it completely disappears from the system directory tree, leaving no trace.
Want to take a close look at the internal JSON configuration? Use the command:
homectl inspect itzero
Step 3: Resource Limits – Manage Like a Pro
This is the “secret weapon” for those managing Lab servers. You can limit RAM or CPU for each user right within their record without manually touching cgroups.
For example, I want to limit user itzero to a maximum of 2GB RAM and a 20% CPU weight:
sudo homectl update itzero --memory-max=2G --cpu-weight=20
This change takes effect immediately or upon the next login. This approach is very practical when sharing a machine with interns running code without worrying about them hanging the entire system.
Step 4: Handling Login Issues (PAM)
A hard-earned lesson: if you create a user but cannot log in via the GDM screen, don’t panic. The reason is usually that PAM (Pluggable Authentication Modules) has not yet recognized this new mechanism.
On Fedora, you need to tell the system to prioritize checking systemd-homed with the following command:
sudo authselect select sssd with-systemd-home --force
This command reconfigures the authentication flow, ensuring pam_systemd_home.so is called at the right time.
Step 5: Portability – The Most Valuable Feature
Moving your data has never been easier. If you store your Home directory as a LUKS image file on an external drive, moving to a new Fedora machine takes only two steps:
- Connect the drive containing the image file to the new Fedora machine.
- Run the command:
sudo homectl activate /path/to/itzero.home.
The new system automatically reads the JSON record, recognizing the UID and the old password. You get your familiar working environment instantly without complex rsyncing or fixing file ownership permissions.
Conclusion from Real-World Experience
Switching to systemd-homed isn’t just about following a trend. It’s a way to protect data and simplify administration in the long run. Although it may seem unfamiliar at first, the cleanliness of homectl will make you never want to go back to manually editing /etc/passwd again.
If you are running a multi-user system or need to secure your personal directory, try it out now. Don’t wait until you have to rescue data in the middle of the night to realize its full value.

