Bug 1956463 - Provide better error message for UID or GID 65535
Summary: Provide better error message for UID or GID 65535
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: systemd
Version: 8.4
Hardware: All
OS: Linux
Priority: unspecified
Severity: low
Target Milestone: beta
Target Release: ---
Assignee: Michal Sekletar
QA Contact: Frantisek Sumsal
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-05-03 18:14 UTC by Nicolas Wildner
Modified: 2021-05-17 12:35 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:



Description Nicolas Wildner 2021-05-03 18:14:42 UTC
Description of problem:
Whenever a unit file is created with options "User=" and/or "Group=" pointing to a group or user that has ID 65535, the service fails to start with "Bad message" logs:



Example:
Apr 02 15:00:01 hostname systemd[PID]: example.service: Failed to determine user credentials: Bad message
Apr 02 15:00:01 hostname systemd[PID]: example.service: Failed at step USER spawning /usr/local/bin/example: Bad message
Apr 02 15:00:01 hostname systemd[PID]: Received SIGCHLD from PID 320644 ((sleep)).
Apr 02 15:00:01 hostname systemd[PID]: Child 320644 ((sleep)) died (code=exited, status=217/USER)
Apr 02 15:00:01 hostname systemd[PID]: example.service: Child 320644 belongs to example.service.
Apr 02 15:00:01 hostname systemd[PID]: example.service: Main process exited, code=exited, status=217/USER
Apr 02 15:00:01 hostname systemd[PID]: example.service: Failed with result 'exit-code'.

This also applies to systemd unit overrides in the same situation (GID and/or UID 65535).

In src/basic/user-util.c, inside int get_user_creds(), the validation happens inside the following if:

        if (uid) {
                if (!uid_is_valid(p->pw_uid))
                        return -EBADMSG;

                *uid = p->pw_uid;
        }

        if (gid) {
                if (!gid_is_valid(p->pw_gid))
                        return -EBADMSG;

                *gid = p->pw_gid;
        }


The same file provides the MAX_UNSIGNED_SHORT (16-bit -1) validation. Quoting the uid_is_valid() function:

bool uid_is_valid(uid_t uid) {

        /* Also see POSIX IEEE Std 1003.1-2008, 2016 Edition, 3.436. */

        /* Some libc APIs use UID_INVALID as special placeholder */
        if (uid == (uid_t) UINT32_C(0xFFFFFFFF))
                return false;

        /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
        if (uid == (uid_t) UINT32_C(0xFFFF))
                return false;

        return true;
}



Version-Release number of selected component (if applicable):
systemd-239-31.el8_2.2.x86_64, but it also reproduces on newer 8.3 versions as tested on additional VMs.



How reproducible:
Every time



Steps to Reproduce:
1. Create a custom systemd unit file or unit file override with "User=" and/or "Group=" set to a username and/or group that uses ID 65535
2. Start the service.



Actual results:

"Failed to determine user credentials: Bad message" output followed by a "Main process exited, code=exited, status=217/USER"



Expected results:

Provide a better error handling message like "User %u has UID 65535" or "Group %g has GID 65535"



Additional info:
 - Ongoing case with this bug: https://access.redhat.com/support/cases/#/case/02928936
 - Ongoing KCS documenting this behavior: https://access.redhat.com/solutions/6009451
 - Upstream systemd documentation: https://systemd.io/UIDS-GIDS/
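
An added example, not part of the original report and not systemd code: a stand-alone preflight check that resolves a unit's User= or Group= name and says which of the two values rejected by uid_is_valid()/gid_is_valid() it hit, instead of a bare "Bad message". The helper names id_reject_reason(), explain_id(), check_user() and check_group() and the message wording are assumptions made for this illustration.

```c
#include <grp.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* The two values the quoted uid_is_valid() rejects, with the reason given in its comments. */
const char *id_reject_reason(uint32_t id) {
        if (id == UINT32_C(0xFFFFFFFF))
                return "32-bit -1, used by libc APIs as the invalid-ID placeholder";
        if (id == UINT32_C(0xFFFF))
                return "16-bit -1, avoided because UIDs were once 16-bit";
        return NULL;
}

/* Hypothetical helper: 0 if the ID is usable, -1 and an explanatory message if not. */
int explain_id(const char *kind, const char *name, uint32_t id, char *msg, size_t len) {
        const char *why = id_reject_reason(id);
        if (!why) {
                snprintf(msg, len, "%s %s has usable ID %lu", kind, name, (unsigned long) id);
                return 0;
        }
        snprintf(msg, len, "%s %s has ID %lu (%s)", kind, name, (unsigned long) id, why);
        return -1;
}

/* Preflight for a unit's User= value: checks the UID, then the user's primary GID. */
int check_user(const char *name, char *msg, size_t len) {
        struct passwd *p = getpwnam(name);
        if (!p) { snprintf(msg, len, "User %s not found", name); return -1; }
        if (explain_id("User", name, (uint32_t) p->pw_uid, msg, len) < 0)
                return -1;
        return explain_id("Primary group of user", name, (uint32_t) p->pw_gid, msg, len);
}

/* Preflight for a unit's Group= value. */
int check_group(const char *name, char *msg, size_t len) {
        struct group *g = getgrnam(name);
        if (!g) { snprintf(msg, len, "Group %s not found", name); return -1; }
        return explain_id("Group", name, (uint32_t) g->gr_gid, msg, len);
}

int main(int argc, char **argv) {
        char msg[160];
        int r = check_user(argc > 1 ? argv[1] : "root", msg, sizeof msg);
        puts(msg);
        return r < 0;
}
```

Run it with the account name from the unit file as the only argument; a non-zero exit status means the name is missing or maps to one of the rejected IDs.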

