[systemd-devel] Github systemd issue 6237
Michael Chapman
mike at very.puzzling.org
Wed Jul 5 10:32:42 UTC 2017
In Wed, 5 Jul 2017, Reindl Harald wrote:
>
>
> Am 05.07.2017 um 12:10 schrieb Michael Chapman:
>> On Wed, 5 Jul 2017, Colin Guthrie wrote:
>> > Reindl Harald wrote on 04/07/17 19:50:
>> > > > When new configuration options are added, the same unit file can
>> > > > almost always be used with older systemd, and it'll just warn &
>> > > > ignore
>> > > > the parts it doesn't understand. Similarly, various configuration
>> > > > options might be unavailable on some architectures and with some
>> > > > compilation options. The current behaviour of warn&ignore provides
>> > > > for "soft degradation" in those cases.
>> > >
>> > > frankly a new option on the left side is a completly different thing
>> > > than a invalid value - just silently continue with invalid values of
>> > > existing options is playing a danergous game in a crucial component
>> > > like
>> > > systemd
>> >
>> > It's a rare thing :p but I have to agree with you here!
>> >
>> > I'd say if "User=-notauser" then silently failing and using root is
>> > acceptable as per the usual semantics of "- prefix suppresses errors",
>> > but "User=notauser" should fail IMO.
>>
>> I'm pretty sure you'll find that it does. Specifically, it will fail when
>> the child process for the command being executed attempts to map the
>> username to a UID.
>>
>> The issue being discussed here is that systemd considers "0day" to be
>> _syntactically_ invalid for a username. See the valid_user_group_name()
>> function in basic/user-util.c.
>
> yes and hence it should FAIL the service and not behave silently like the
> left side of a param is unknown on a older version - a invalid VALUE in a
> config has to fail until it's makred with a dash to silent be ignored in case
> of errors
That's really not what the dash means.
In the various Exec*= directives, a dash means that the command is allowed
to fail. Similarly, in WorkingDirectory= the dash means the directory need
not exist.
I do not believe there are any cases where a dash is used to side-step
_syntactic_ validation, nor do I think there should be.
Really, you should just think of the dashes as being part of the syntax
for the directives that support them.
As far as directives like User= go, there _may_ be a use for dash to mean
"do not change UIDs if the username turns out to not actually exist"...
but I would strongly advise against it.
More information about the systemd-devel
mailing list