
User=0day considered harmful in systemd

Posted Jul 14, 2017 15:00 UTC (Fri) by mchapman (subscriber, #66589)
In reply to: User=0day considered harmful in systemd by dskoll
Parent article: User=0day considered harmful in systemd

> My understanding was that systemd would not call getpwnam() for a username that's numeric. Or maybe another interpretation is that it would interpret it as a UID iff getpwnam() failed. Was this understanding wrong?

Oh, you were talking about all-digit User= values specifically? systemd will assume that if the value in User= only consists of digits, then it should be interpreted as a UID. While spawning the child process it will attempt to get the credentials for that UID using getpwuid(). It never calls getpwnam() in this case, so if you have an all-digit username on your system the only way to reference this in User= would be to use that user's UID.

So only one getpw*() call is chosen, and if it returns an error the command is not executed. It doesn't try one then the other, nor is there any "fallback" to root.


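The all-digit User= handling described in the comment above, modelled as an added example; it is not systemd's code and not part of the original comment. The in-memory table and the lookup_uid()/lookup_name() helpers are constructed stand-ins for the passwd database and for getpwuid()/getpwnam(), and resolve_user() is a hypothetical name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the passwd database (not real accounts). */
struct entry { const char *name; long uid; };
static const struct entry db[] = { {"root", 0}, {"alice", 1000}, {"1000", 2000} };
#define DB_LEN (sizeof db / sizeof db[0])

static int by_uid_calls, by_name_calls;  /* record which lookup ran */

static const struct entry *lookup_uid(long uid) {       /* plays getpwuid() */
    by_uid_calls++;
    for (size_t i = 0; i < DB_LEN; i++)
        if (db[i].uid == uid) return &db[i];
    return NULL;
}

static const struct entry *lookup_name(const char *n) { /* plays getpwnam() */
    by_name_calls++;
    for (size_t i = 0; i < DB_LEN; i++)
        if (strcmp(db[i].name, n) == 0) return &db[i];
    return NULL;
}

/* Returns 0 and sets *uid on success; -1 means the caller must not exec. */
int resolve_user(const char *value, long *uid) {
    const struct entry *e;
    if (value[0] != '\0' && strspn(value, "0123456789") == strlen(value))
        /* All digits: treat as a UID. An overflowing value saturates
           to LONG_MAX, matches nothing, and fails like any unknown UID. */
        e = lookup_uid(strtol(value, NULL, 10));
    else
        e = lookup_name(value);
    if (e == NULL) return -1;   /* no second lookup, no default to UID 0 */
    *uid = e->uid;
    return 0;
}

int main(void) {
    long uid;
    if (resolve_user("1000", &uid) == 0)
        printf("User=1000 -> uid %ld\n", uid);
    if (resolve_user("4242", &uid) != 0)
        printf("User=4242 -> refused\n");
    return 0;
}
```

In the constructed table the account named "1000" has UID 2000, so User=1000 resolves to alice (UID 1000) and the all-digit account name is reachable only as User=2000.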

