User=0day considered harmful in systemd

Posted Jul 15, 2017 0:08 UTC (Sat) by anselm (subscriber, #2796)
In reply to: User=0day considered harmful in systemd by davidstrauss
Parent article: User=0day considered harmful in systemd

Whatever the case may be, systemd shouldn't execute stuff as root that is not meant to be executed as root. That seems to be sorted now, which is good.

One could argue that systemd also shouldn't try to be smarter than is good for it, e.g., by enforcing its own undocumented assumptions about what usernames ought to look like that may or may not be grounded in reality. There's no doubt that systemd is a nifty piece of software and a huge improvement on anything that came before it, but sometimes a little less would actually be more.

User=0day considered harmful in systemd

Posted Jul 15, 2017 0:43 UTC (Sat) by rahvin (guest, #16953) [Link] (1 responses)

Has anyone seriously argued systemd should treat a username starting with a number as root? Because I honestly haven't seen anyone say it is, in fact I'd argue that's the one thing pretty much everyone agrees with and the patch to fix this already appears to have been merged. As someone else said, you don't ever want a program to assume that if the user doesn't exist it should run as root instead because the very act of naming a user (even if improperly done) means they didn't want it to run as root.

Anyway, in my mind that part of the discussion is already settled, patch is already merged, just need the release to come out. The publicity on the bug helps, people can now look at their service files and see if they have this happening and they can evaluate it with a simple scripted check using standard tools.

User=0day considered harmful in systemd

Posted Jul 15, 2017 1:07 UTC (Sat) by anselm (subscriber, #2796) [Link]

Has anyone seriously argued systemd should treat a username starting with a number as root?

I don't think so. Where systemd goes out on a limb, as far as I'm concerned, is by assuming that a username that starts with a digit is invalid (and that therefore the directive could be ignored altogether, such that in the absence of a User= directive the unit is by default executed as root). We've heard Lennart claim that this is the “least common denominator” among various Linux distributions, but we've also heard from people who aver that digits at the beginning of a username (or even all-digit usernames) are perfectly acceptable. The paragraph on User= in systemd.exec(5) certainly doesn't mention that restriction but it probably should.