[systemd-devel] Github systemd issue 6237

Reindl Harald h.reindl at thelounge.net
Wed Jul 5 10:38:24 UTC 2017



On 05.07.2017 at 12:32, Michael Chapman wrote:
> On Wed, 5 Jul 2017, Reindl Harald wrote:
>>>  The issue being discussed here is that systemd considers "0day" to be
>>>  _syntactically_ invalid for a username. See the valid_user_group_name()
>>>  function in basic/user-util.c.
>>
>> yes and hence it should FAIL the service and not behave silently like 
>> the left side of a param is unknown on an older version - an invalid 
>> VALUE in a config has to fail until it's marked with a dash to silently 
>> be ignored in case of errors
> 
> That's really not what the dash means.
> 
> In the various Exec*= directives, a dash means that the command is 
> allowed to fail. Similarly, in WorkingDirectory= the dash means the 
> directory need not exist.
> 
> I do not believe there are any cases where a dash is used to side-step 
> _syntactic_ validation, nor do I think there should be.
> 
> Really, you should just think of the dashes as being part of the syntax 
> for the directives that support them.
> 
> As far as directives like User= go, there _may_ be a use for dash to 
> mean "do not change UIDs if the username turns out to not actually 
> exist"... but I would strongly advise against it

better than silently ignoring a directive and running code as root which was 
never intended to run as root because of questionable "we know better 
what is valid than the underlying system which allowed to create that 
user" - do it properly or fail but not start code as root and pretend you 
are right

such issues closed as "not a bug" as well as 
https://github.com/systemd/systemd/issues/5644 with comments like "Yeah, 
it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, 
no?" which has not been true for years make me afraid because it is a "to 
begin with we are always right" attitude
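
Added example, not part of the original message and not systemd code: a small audit that flags User=/Group= values in a unit file's [Service] section that fail a strict syntactic name check of the kind discussed above, so such units can be found before they are started. The rule in NAME_RE, the all-digit exception, MAX_LEN and the sample unit are assumptions made for the illustration.

```python
import re

# Assumption: a strict rule of the kind the thread describes (first character
# a letter or '_', then letters, digits, '_' or '-'). It is not a copy of
# valid_user_group_name() in basic/user-util.c.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*")
MAX_LEN = 31  # assumption: conservative length limit for the illustration

# Constructed sample unit; "0day" is the user name from the thread.
SAMPLE_UNIT = """\
[Unit]
Description=constructed example

[Service]
# this service is meant to run unprivileged
User=0day
Group=www-data
ExecStart=/usr/bin/example-daemon
"""

def user_value_ok(value):
    """True for an all-digit ID (assumed acceptable) or a name passing NAME_RE."""
    if re.fullmatch(r"[0-9]+", value):
        return True
    return len(value) <= MAX_LEN and NAME_RE.fullmatch(value) is not None

def audit_unit(text):
    """Return [(lineno, key, value)] for User=/Group= in [Service] that fail the check."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # An empty value names no user, so it is not flagged here.
        if key in ("User", "Group") and value and not user_value_ok(value):
            findings.append((lineno, key, value))
    return findings

if __name__ == "__main__":
    for lineno, key, value in audit_unit(SAMPLE_UNIT):
        print(f"line {lineno}: {key}={value!r} fails the name check; "
              "confirm which user this service really runs as")
```

A finding means only that the value fails this illustrative rule; the effective user of a running service still has to be confirmed on the host.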

