Systemd version 323 rejects usernames starting with a digit (eg "0day"),
running the service with root privileges even though a corresponding user
This issue seems to have been introduced since systemd-229. Neither EL7 nor Fedora 24 is affected - not sure about 231/233.
For an attacker to exploit this they would need to influence the creation of a user and associated unit file on the system.
Created systemd tracking bugs for this issue:
Affects: fedora-all [bug 1468430]
For more information on the impact of numeric usernames in Red Hat Enterprise Linux, please see https://access.redhat.com/solutions/3103631