User=0day considered harmful in systemd

Posted Jul 13, 2017 1:51 UTC (Thu) by peterhoeg (guest, #4944)
In reply to: User=0day considered harmful in systemd by dskoll
Parent article: User=0day considered harmful in systemd

> What is the use case for having a systemd unit file specify a user that doesn't exist in the system passwd file?

Users can come from other places than the passwd file such as LDAP and NIS which may be unavailable at the time of systemd parsing the unit files.


User=0day considered harmful in systemd

Posted Jul 13, 2017 6:00 UTC (Thu) by anselm (subscriber, #2796)

Where in the systemd documentation does it say that user names must be resolvable to UIDs when unit files are loaded? Surely it should be sufficient for systemd to be able to figure out a UID for a user name when the program in question is about to be started.

User=0day considered harmful in systemd

Posted Jul 13, 2017 15:25 UTC (Thu) by mezcalero (subscriber, #45103)

See the man page about that:

https://www.freedesktop.org/software/systemd/man/systemd....

Specifically:

> … If DynamicUser= is not used the specified user and group must have been created statically in the user database no later than the moment the service is started, for example using the sysusers.d(5) facility, which is applied at boot or package install time…


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.