Bug 1956463
| Summary: | Provide better error message for UID or GID 65535 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Nicolas Wildner <nwildner> |
| Component: | systemd | Assignee: | Michal Sekletar <msekleta> |
| Status: | CLOSED WONTFIX | QA Contact: | Frantisek Sumsal <fsumsal> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.4 | CC: | dtardon, msekleta, systemd-maint-list |
| Target Milestone: | beta | Keywords: | Improvement, Triaged |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-03 07:27:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. |
Description of problem: Whenever a unitfile is created with options "User=" and/or "Group=" pointing to a group or user that has ID 65535, service fails to start with Bad Message logs: Example: Apr 02 15:00:01 hostname systemd[PID]: example.service: Failed to determine user credentials: Bad message Apr 02 15:00:01 hostname systemd[PID]: example.service: Failed at step USER spawning /usr/local/bin/example: Bad message Apr 02 15:00:01 hostname systemd[PID]: Received SIGCHLD from PID 320644 ((sleep)). Apr 02 15:00:01 hostname systemd[PID]: Child 320644 ((sleep)) died (code=exited, status=217/USER) Apr 02 15:00:01 hostname systemd[PID]: example.service: Child 320644 belongs to example.service. Apr 02 15:00:01 hostname systemd[PID]: example.service: Main process exited, code=exited, status=217/USER Apr 02 15:00:01 hostname systemd[PID]: example.service: Failed with result 'exit-code'. This also applies to systemd unit overrides on the same situation(GID and/or UID 65535). At src/basic/user-util.c, inside int get_user_creds() the validation happens inside the following if: if (uid) { if (!uid_is_valid(p->pw_uid)) return -EBADMSG; *uid = p->pw_uid; } if (gid) { if (!gid_is_valid(p->pw_gid)) return -EBADMSG; *gid = p->pw_gid; } The same file provides the MAX_UNSIGNED_SHORT(16bit -1) validation. Quoting the uid_is_valid() funcion: bool uid_is_valid(uid_t uid) { /* Also see POSIX IEEE Std 1003.1-2008, 2016 Edition, 3.436. */ /* Some libc APIs use UID_INVALID as special placeholder */ if (uid == (uid_t) UINT32_C(0xFFFFFFFF)) return false; /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */ if (uid == (uid_t) UINT32_C(0xFFFF)) return false; return true; } Version-Release number of selected component (if applicable): systemd-239-31.el8_2.2.x86_64, but it also reproduces on newer 8.3 versions as tested on additional VMs. How reproducible: Every time Steps to Reproduce: 1. Create a custom systemd unitfile or unitfile override with "User=" and/or "Group=" with a username and/or group that uses ID 65535 2. Start the service. Actual results: "Failed to determine user credentials: Bad message" output followed by a "Main process exited, code=exited, status=217/USER" Expected results: Provide a better error handling message like "User %u has UID 65535" or "Group %g has GID 65535" Additional info: - Ongoing case with this bug: https://access.redhat.com/support/cases/#/case/02928936 - Ongoing KCS documenting this behavior: https://access.redhat.com/solutions/6009451 - Upstream systemd documentation: https://systemd.io/UIDS-GIDS/