[systemd-devel] DynamicUser=yes leads to "Too many levels of symbolic links" for /etc/.pwd.lock
Lennart Poettering
lennart at poettering.net
Thu Sep 14 08:26:54 UTC 2023
On Thu, 14.09.23 03:50, Muggeridge, Matt (matt.muggeridge2 at hpe.com) wrote:
> $ ls -l /etc/.pwd.lock
>
> lrwxrwxrwx 1 root root 19 Apr 5 2011 /etc/.pwd.lock -> sysconfig/.pwd.lock
>
> $ ls -l /etc/sysconfig/.pwd.lock
>
> -rw------- 1 root root 0 Aug 16 07:25 /etc/sysconfig/.pwd.lock
>
> For the purpose of investigation, I configured an overlay so /etc/.pwd.lock was a simple writeable file (not a read-only symlink) and the service starts.
>
> Why is systemd complaining about the file being a symlink?
It's supposed to be a lock file, i.e. a regular file we issue POSIX file
locks on. It's not a config file.

The problem with symlinks for things like this is that in various
contexts these files are atomically replaced, and if that happens then
symlinks just make a mess, since it's not clear whether to replace the
symlink or its target.

Hence, we don't support that.

Generally, things like /etc/passwd are API pretty much, you cannot
really change it to be a symlink (unless you make it fully
immutable), since it is updated by various tools and these tools tend
to do atomic updates of these files, i.e. when updating they write a
new file under a temporary name/O_TMPFILE, and then atomically move
it over the old file, so that other clients either get the old version
or the new version but never a half-updated version. This kind of
updating is really how you have to do things on UNIX, but that means
symlinks are out of the question...

Hence, TLDR: don't make the lock file a symlink. (Also, why would you even?)

Lennart
--
Lennart Poettering, Berlin
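
An added illustration of the two points in the reply above (not part of the original message and not systemd's code): on Linux, opening a symlink with O_NOFOLLOW fails with ELOOP, the errno behind "Too many levels of symbolic links", and a write-temp-then-rename() update replaces the symlink itself while its old target goes stale. The scratch directory standing in for /etc, the `.tmp` suffix and the use of O_NOFOLLOW for the lock open are assumptions made for the demonstration.

```python
import os
import tempfile


def atomic_replace(path: str, data: bytes) -> None:
    """Update path as passwd-style tools do: write a temp file, then rename()."""
    tmp = path + ".tmp"  # assumed temp name; same directory keeps rename() atomic
    with open(tmp, "wb") as f:
        f.write(data)
    os.rename(tmp, path)  # swaps the directory entry; a symlink at path is not followed


def open_lock_nofollow(path: str) -> int:
    """Open a lock file but refuse symlinks (O_NOFOLLOW is this example's assumption)."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_CLOEXEC | os.O_NOFOLLOW
    return os.open(path, flags, 0o600)


def demo() -> dict:
    """Rebuild the layout from the thread in a scratch directory and record the results."""
    out = {}
    with tempfile.TemporaryDirectory() as etc:  # constructed stand-in for /etc
        os.mkdir(os.path.join(etc, "sysconfig"))
        target = os.path.join(etc, "sysconfig", ".pwd.lock")
        link = os.path.join(etc, ".pwd.lock")
        with open(target, "wb") as f:
            f.write(b"old")
        os.symlink("sysconfig/.pwd.lock", link)
        # 1. Opening the symlink with O_NOFOLLOW fails with ELOOP on Linux.
        try:
            os.close(open_lock_nofollow(link))
            out["open_errno"] = None
        except OSError as e:
            out["open_errno"] = e.errno
        # 2. An atomic update addressed to the symlink path replaces the link itself.
        atomic_replace(link, b"new")
        out["still_symlink"] = os.path.islink(link)
        with open(target, "rb") as f:
            out["target_content"] = f.read()  # old target is left behind, stale
        with open(link, "rb") as f:
            out["path_content"] = f.read()
        # 3. Now that the path is a regular file, the same open succeeds.
        os.close(open_lock_nofollow(link))
        out["regular_file_opens"] = True
    return out


if __name__ == "__main__":
    print(demo())
```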