[systemd-devel] DynamicUser shared by service instances

[Lennart Poettering]

On Mo, 02.09.19 18:37, sqwishy (somebody at froghat.ca) wrote:

> Hi.
>
> I was looking at how dynamic users are implemented and noticed that instances seem to
> share one dynamic user within their service. In the example below, I have an attached
> portable service with StateDirectory=derp-%i
>
>     # ls -dn /var/lib/private/derp-{foo,bar}
>     drwxr-xr-x 2 64000 64000 4096 Sep  2 17:59 /var/lib/private/derp-bar/
>     drwxr-xr-x 2 63000 63000 4096 Sep  2 17:59 /var/lib/private/derp-foo/
>
>     # systemctl start f30-derp@{foo,bar}
>
>     # ls -dn /var/lib/private/derp-{foo,bar}
>     drwxr-xr-x 2 63000 63000 4096 Sep  2 17:59 /var/lib/private/derp-bar/
>     drwxr-xr-x 2 63000 63000 4096 Sep  2 17:59 /var/lib/private/derp-foo/
>
>     # ls -l /run/systemd/dynamic-uid/
>     total 4
>     -rw------- 1 root root 9 Sep  2 18:12 63000
>     lrwxrwxrwx 1 root root 8 Sep  2 18:12 direct:63000 -> f30-derp
>     lrwxrwxrwx 1 root root 5 Sep  2 18:12 direct:f30-derp -> 63000
>
> Normally the state directories are created under the same owner, I set different owners
> explicitly to see that the second instance's directory is chowned.
>
> I guess I'm wondering if this behaviour is intentional? I found it surprising but that
> might just be me.

You can pick the name for the DynamicUser= via User=. What did you set
it to? By default it's derived from the unit name. If two units
specify the same name they get the same user.

Lennart

--
Lennart Poettering, Berlin