User=0day considered harmful in systemd
Posted Jul 15, 2017 0:43 UTC (Sat) by rahvin (guest, #16953)
In reply to: User=0day considered harmful in systemd by anselm
Parent article: User=0day considered harmful in systemd
Anyway, in my mind that part of the discussion is already settled, patch is already merged, just need the release to come out. The publicity on the bug helps, people can now look at their service files and see if they have this happening and they can evaluate it with a simple scripted check using standard tools.
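A scripted check of the kind the comment above mentions, as an added example that is not part of the original thread or of systemd. The function name `find_digit_users` and the output format are hypothetical, and the directories to scan are supplied by the caller.

```shell
#!/bin/sh
# Added example: list User= assignments in [Service] sections whose value
# starts with a digit. Scans *.service files and *.service.d/*.conf drop-ins.
# Output: file:line:kind:value
#   kind = numeric-id          value is all digits (systemd reads it as a UID)
#   kind = digit-leading-name  value is a name that begins with a digit

find_digit_users() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \
            \( -name '*.service' -o -path '*.service.d/*.conf' \) -print |
        while IFS= read -r unit; do
            awk -v f="$unit" '
                # Track which section we are in; only [Service] matters here.
                /^[ \t]*\[/ {
                    in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/)
                    next
                }
                in_service && /^[ \t]*User[ \t]*=/ {
                    val = $0
                    sub(/^[ \t]*User[ \t]*=[ \t]*/, "", val)
                    sub(/[ \t]+$/, "", val)
                    if (val ~ /^[0-9]/) {
                        kind = (val ~ /^[0-9]+$/) ? "numeric-id" : "digit-leading-name"
                        printf "%s:%d:%s:%s\n", f, NR, kind, val
                    }
                }
            ' "$unit"
        done
    done
}

# Stand-alone use: pass the unit directories to scan as arguments.
if [ "$#" -gt 0 ]; then
    find_digit_users "$@"
fi
```

Lines reported as `digit-leading-name` are the ones to review, since those are the values the thread says get ignored, leaving the unit to run as root.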
Posted Jul 15, 2017 1:07 UTC (Sat)
by anselm (subscriber, #2796)
I don't think so. Where systemd goes out on a limb, as far as I'm concerned, is by assuming that a username that starts with a digit is invalid (and that therefore the directive could be ignored altogether, such that in the absence of a User= directive the unit is by default executed as root). We've heard Lennart claim that this is the “least common denominator” among various Linux distributions, but we've also heard from people who aver that digits at the beginning of a username (or even all-digit usernames) are perfectly acceptable. The paragraph on User= in systemd.exec(5) certainly doesn't mention that restriction but it probably should.
User=0day considered harmful in systemd
Has anyone seriously argued systemd should treat a username starting with a number as root?