-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd error handling on user= is dangerous and makes no sense #6309
Comments
particularly refer to #6237 (comment) |
Hi, Fix is here #6300 Closing, thanks! |
thanks! looks like it's targeting at least the *2: point of above. |
Hi @Joerg-rw for:
I did not follow the whole issue but from my limited understanding it seems that systemd is not enforcing anything here. Most software and distros there do not support such names, if that was the case then maybe systemd can support them too, I think this was already pointed out by other systemd maintainers ? no ? While we are at it, the POSIX standard allows to break things:
Your file is still owned by group root, what if it is a
That's why we are not interested in such cases, we won't introduce new complexity. Thanks! |
I'm asking to reduce complexity, by not doing syntactical checks on user names (In Expression: dicard the complete "user=" name value syntax check in systemd) since all of the above is not ti get handled or enforced in systemd, it's handled in useradd or whatever other tool the system provides to create new users. So systemd MUST NOT check for any syntax properties of the "user=" value provided, just a simple getpwnam_r() or whatever it already does, then act accordingly, that's sufficient. A "syntactically invalid" username can't be in the password database, a name that is in that database can't be syntactically incorrect. |
#6237 (comment) suggests the opposite I'd re-open this ticket because of this, if I could find how to |
@Joerg-rw |
That's simply not true. systemd validates specified user names at two places. In the sysusers.d code and in the unit code. In both cases, we will potentially register users in the system. In the sysusers.d case that's the purpose of the entire excercise, and in the User=/Group= unit setting that's done as soon as DynamicUser=1 is specified. And yes, systemd should not be permitted to be a vehicle to pollute the users database with users that you couldn't register with "adduser". Note that systemd-logind does not validate the user names passed to it the same way, as PAM/login do not validate their input either, and in this case we are just consumers of the data, and just integrate into some foreign ecosystem that PAM is.
Even if systemd was only consuming user names for User=/Group= (which it isn't, see above), I still think there's great benefit in complaining about user names that are highly problematic, in particular as we want unit files to remain portable between systems and distros, and if you make use of a syntax that isn't supported widely, you work against that. |
Submission type
systemd version the issue has been seen with
Used distribution
In case of bug report: Expected behaviour you didn't see
In case of bug report: Unexpected behaviour you saw
This is highly surprising, unexpected (by the average user) and dangerous behavior.
Systemd should not bother at all about syntactical correctness of value at right-side of "user=" and simply leave it to the system to check if the particular system allows and knows a user of that name.
*1: It's not systemd's call to enforce anything about "syntactically correct names" here
*2: systemd MUST NOT run jobs as root when a "user=" been given, no matter what (except "root") is on the value side.
Rationale: it's considered highly dangerous to run a job as root when that job obviously is not meant to run as root, since admin gave "user=" parameter.
Syntax of user names gets enforced elsewhere, systemd must not duplicate any such policies unless it's creating a new user(name)
In case of bug report: Steps to reproduce the problem
The text was updated successfully, but these errors were encountered: