logind.conf(5) man page entry for RemoveIPC option varies from observed behavior #2324

Closed
automaticit opened this issue Jan 14, 2016 · 5 comments

Comments

@automaticit

In the man page entry for the RemoveIPC option, it states: "Note that IPC objects of the root user are excluded from the effect of this setting."

Under RHEL 7u2, this man page entry has not been changed. I hope that means Red Hat has not made a downstream modification to systemd without an accompanying man page change. IBM DB2 Support and we discovered that actually, objects of all users considered to be system users, i.e., with uidnumber < 1000, are excluded. DB2 v10.x will randomly crash on RHEL 7u2 unless the RemoveIPC option is set to "no".

So does the man page have a defect, or is the defect in systemd because it is really supposed to lock down the behavior only to root user for the RemoveIPC option, and not for all system users?

Note that system users are defined in /etc/login.defs and not hard-coded. So while canonically system users are uidnumber < 1000, really if the man page needs a correction then it should read more along these lines:

Note that IPC objects of system users are excluded from the effect of this setting. System users have uid numbers below UID_MIN in /etc/login.defs, by default 1000.

@automaticit
Author

In case it helps anyone else. Red Hat Solution #2062273, "Applications using IPC (semaphores, shared memory, message queues) have problems after update to RHEL 7.2" is what the IBM DB2 Support team used to help identify the issue, and which led them to observe the discrepancy in the logind.conf man page from actual behavior.

@poettering
Member

The systemd man page needs updating, and needs to say that system users are generally excluded from the effect of RemoveIPC=.

Note that systemd does not honour the login.defs setting. The system user boundary is really not something that a user could reasonably configure at runtime. Thus, it is only compile-time configurable in systemd (the configure scripts actually try to determine it automatically from /etc/login.defs at compile-time), but not runtime configurable.

@automaticit
Author

Thank you Lennart, that was very helpful. Hope the following possible rewording isn't too verbose. If whoever makes the actual change to the man page can point to the source document describing systemd's discrimination between compile time and runtime modifications of UID_MIN and UID_MAX in /etc/login.defs, then that makes the modification even shorter (something like "See foo(5), section bar, for how systemd identifies a system user.").

Original:

Note that IPC objects of the root user are excluded from the effect of this setting.

Possible rewording:

Note that IPC objects of system users are excluded from the effect of this setting. System users have uid numbers less than UID_MIN in /etc/login.defs at systemd compile time only, by default 1000. Changes to UID_MIN in /etc/login.defs at runtime are ignored by systemd when identifying the system user uid number boundary, so RemoveIPC also ignores those runtime changes.

@poettering
Member

We generally don't reference /etc/login.defs, as that's a file that I think better should not exist the way it is. I mean, for the same reason we refuse to parse the system user boundary from the file during runtime we really shouldn't mention its existence at all. It pretends things were configurable that effectively really aren't.

@automaticit
Author

Makes sense, that vastly simplifies the proposed revised rewording:

Note that IPC objects of system users (with uid numbers less than 1000 by default) are excluded from the effect of this setting.

If this looks good to you, should I make the change in systemd/man/logind.conf.xml and send a pull request for it, and let the build re-generate and update the logind.conf file?
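
Added example, not part of the thread and not systemd's own code: a Python check of the behaviour agreed on above, reporting which accounts lose their IPC objects when their last session ends, given the effective `RemoveIPC=` value and the system-user boundary. Assumptions: `SYSTEM_UID_MAX` is 999 (the "less than 1000 by default" boundary), `RemoveIPC=` defaults to yes when unset, drop-in directories are not read, and the sample `logind.conf`, passwd text and the account `dbinst1` are constructed for illustration.

```python
SYSTEM_UID_MAX = 999  # assumed build-time boundary: "uid numbers less than 1000 by default"

# Boolean spellings accepted for the setting (case-insensitive).
_TRUE = {"1", "yes", "y", "true", "t", "on"}
_FALSE = {"0", "no", "n", "false", "f", "off"}

# Constructed sample inputs, not taken from a real host.
SAMPLE_LOGIND_CONF = """\
[Login]
#RemoveIPC=yes
KillUserProcesses=no
RemoveIPC=no
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postgres:x:26:26:PostgreSQL:/var/lib/pgsql:/bin/bash
dbinst1:x:1001:1001:hypothetical DB instance owner:/home/dbinst1:/bin/bash
"""

def parse_remove_ipc(conf_text, default=True):
    """Effective RemoveIPC= in the [Login] section; the last valid assignment wins."""
    section, value = None, default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment (a commented-out setting has no effect)
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, val = line.partition("=")
        if section == "Login" and sep and key.strip() == "RemoveIPC":
            word = val.strip().lower()
            if word in _TRUE:
                value = True
            elif word in _FALSE:
                value = False
    return value

def accounts_at_risk(passwd_text, conf_text, system_uid_max=SYSTEM_UID_MAX):
    """Names whose IPC objects are removed when their last session ends."""
    if not parse_remove_ipc(conf_text):
        return []
    at_risk = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        # System users (uid <= boundary, root included) are excluded from RemoveIPC=.
        if len(fields) >= 3 and fields[2].isdigit() and int(fields[2]) > system_uid_max:
            at_risk.append(fields[0])
    return at_risk

if __name__ == "__main__":
    print(accounts_at_risk(SAMPLE_PASSWD, SAMPLE_LOGIND_CONF))
    print(accounts_at_risk(SAMPLE_PASSWD, "[Login]\nRemoveIPC=yes\n"))
```

Passing a different `system_uid_max` models a systemd build compiled with another boundary; editing `/etc/login.defs` on the running host does not change the result, as stated in the thread.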

poettering added a commit to poettering/systemd that referenced this issue Jan 26, 2016
@teg teg closed this as completed in f59d94b Jan 26, 2016
Yamakuzure added a commit to elogind/elogind that referenced this issue Feb 4, 2020
Information about RemoveIPC can be found in detail in the man page
for logind.conf. However, the removal of all System V and POSIX IPC
objects belonging to the user after the last of the user's sessions
terminated can lead to significant confusion.
Especially since the elogind man page does neither mention the
removal nor where to configure it.

A paragraph about this detail of the tearing down after the last
session of a user exited has been added to the elogind man page, so
users can find this information quicker and easier.

See:
* https://bugs.debian.org/949698
* systemd/systemd#2039
* systemd/systemd#2324
* systemd/systemd#4532

Bug: #151
Closes: #151
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
Yamakuzure added a commit to elogind/elogind that referenced this issue Feb 4, 2020
Information about RemoveIPC can be found in detail in the man page
for logind.conf. However, the removal of all System V and POSIX IPC
objects belonging to the user after the last of the user's sessions
terminated can lead to significant confusion.
Especially since the elogind man page does neither mention the
removal nor where to configure it.

A paragraph about this detail of the tearing down after the last
session of a user exited has been added to the elogind man page, so
users can find this information quicker and easier.

See:
* https://bugs.debian.org/949698
* systemd/systemd#2039
* systemd/systemd#2324
* systemd/systemd#4532

Bug: #151
Closes: #151
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
Cherry-picked-from: ee95567