Bug 1717603
Summary: | Systemd doesn't allow to set User in service files to a username with a dot in it. Error: Invalid user/group name or numeric ID | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Akshay Jain <akjain> |
Component: | systemd | Assignee: | Jan Synacek <jsynacek> |
Status: | CLOSED ERRATA | QA Contact: | Frantisek Sumsal <fsumsal> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 | CC: | adam.winberg, eric.soderman, jsynacek, kwalker, lonok33353, systemd-maint-list |
Target Milestone: | rc | Keywords: | Reopened |
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | systemd-239-20.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:44:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Akshay Jain
2019-06-05 19:14:23 UTC
From my point of view, we should fix this. https://github.com/systemd/systemd/issues/12754 Thanks, would really like this to be fixed as it would give us problems otherwise as we use different .suffix for different user account types (production, test, dev etc). See the upstream issue. I'm wondering about this paragraph from upstream issue: "Note that this restriction hsa been in place since a long long time in systemd, hence we don't even break compatibility here: it's not that we suddenly broke unit files that previously worked with systemd that no longer work." This restriction is NOT in place in RHEL7, so for a RHEL customer this is a potentially breaking change (it is for us, causing a LOT of extra work to migrate to RHEL8). So, is a 'fix' for the rhel8 package really out of the question? A middle ground would be to make the behaviour configurable in systemd and thus leaving it to the user to decide. (In reply to adam winberg from comment #4) > So, is a 'fix' for the rhel8 package really out of the question? > > A middle ground would be to make the behaviour configurable in systemd and > thus leaving it to the user to decide. I don't think it's out of the question, but I'm not willing to do another rhel-only patch. But the final decision is not mine. If you want, you can reopen this bugzilla so other members of the systemd team can give their opinions. I have already given mine, but the upstream disagrees. As to the "middle ground", I don't think that there is one. We either enable the dot or not. Making it somehow configurable (compile time option? program argument?) would be way too complicated for what the functionality is supposed to be. As per my opinion , this is a must requirement . and we might expect alot of other customers to demand for the same. If it is somehow possible to include this feature back, i am reopening this bugzilla, lets see if any other member has to say something on it. The fix has been merged in upstream in https://github.com/systemd/systemd/pull/13244. There's also a commit (https://github.com/systemd/systemd/pull/13244/commits/88e2ed0b5bf6f08f5a2d4d64b1fefdc7192b9aac) which causes systemd to emit warning for usernames with a dot with them which should be, probably, discussed before backporting, as some customers may not like that. I suggest to allow the dot only, without the warning. The warning was an idiosyncratic decision, really. fix merged to github master branch -> https://github.com/systemd-rhel/rhel-8/pull/25 -> post Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1794 Bug 1717603 is a known issue in systemd where the User field in service files cannot be set to a username that contains a dot. This can be particularly frustrating for users with usernames that contain a dot as it prevents them from running certain services with systemd. The reason for this issue is due to security concerns surrounding usernames with dots, as they can be used to bypass security measures in some cases. However, there are a few workarounds that can be used to resolve this issue. One option is to rename the username to remove the dot, although this may not be practical or desirable for all users. I will visit https://casino358.com/kasinovinkkeja/kasino-ilman-kierratysta/ website now so that I could find online casino in Finland to enjoy my time with my friends. |