
Systemd can't handle the process privilege for username startswith number - edward
https://github.com/systemd/systemd/issues/6237
======
srett
I'm less and less surprised by the hate poettering gets. It's like he's
deliberately trying to be as arrogant and ignorant as possible. POSIX says
usernames starting with a digit should be fine. But because very few utils
have more restrictive rules, systemd arbitrarily follows them too, but reacts
in the most idiotic way possible if it considers a username invalid. Like last
time, when in his opinion, "rm -rf *" should have ascended into ".." and
shredded the whole file system, just like some systemd tool does. A bug?
Usability issue? No way. What the fuck is wrong with this guy? Since day one
of systemd he rallies the world advocating how all the existing init systems
are convoluted, full of hacks, hard to maintain while systemd is clean and
elegant, and then he seriously defends these insanely stupid unintuitive
behaviors? I just don't get it.

~~~
hahainternet
Are you reading the same thread as me? He replied explaining precisely why
this is an error and received nothing but hate for it, 40 thumbs downs.

On the other hand, you come here to uselessly complain and have the temerity
to complain that poettering doesn't write exactly the code you want him to
write.

How do you justify your ridiculous attitude?

~~~
detaro
Except it's less than clear that this is an "invalid username", as the
following comments discuss. (even leaving out things like "defaulting to
root")

~~~
hahainternet
> Except it's less than clear that this is an "invalid username"

Indeed, and once that was pointed out his response was equally polite and
accurate, offering a workaround which keeps everyone happy.

Literally, what more do people expect?

~~~
viraptor
Strict validation. If some option is not valid, fail loudly. And he still
fails to acknowledge this is a security issue. Here's a scenario for you:

You're running a SaaS which spawns restricted daemons/containers per customer,
separating the users by assigning them local user accounts. One day, user
"0zero" registers and their account has access to your whole environment.
Would you expect this? Would you not classify this as a security issue?

~~~
ArneBab
Or maybe 0pointer → [http://0pointer.net/imprint](http://0pointer.net/imprint)

~~~
digi_owl
He seems to prefer various alcoholic drinks when not posting under his
own name though...

------
lysium
I don't understand how this could be considered not a bug. Clearly, the unit
was intended to run as 0day, not root. I must be missing something.

~~~
hug
Bugs are when software runs in a way other than the way the software is
intended to run by the developer.

If you define "usernames starting with numbers" as invalid, and then define
the behaviour of unit files with a user directive containing an invalid user
to run as root, then the behaviour is as expected, and is not a bug.

The fact the software doesn't do what any sensible user would expect is
completely irrelevant to it being a "bug" or not.

[edit: removed dig at poettering]

~~~
hahainternet
> The fact the software doesn't do what any sensible user would expect is
> completely irrelevant to Poettering.

Logs an error and continues? I think you're confused by Systemd exposing all
sorts of frailties of traditional software. How do you propose that it
differentiate between UIDs and user names?

~~~
garaetjjte
>How do you propose that it differentiate between UIDs and user names?

Maybe follow GNU coreutils, prefix ids with +
[https://www.gnu.org/software/coreutils/manual/html_node/Disa...](https://www.gnu.org/software/coreutils/manual/html_node/Disambiguating-names-and-IDs.html)
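
Added example, not part of the thread and not systemd's code: a sketch of the "fail loudly" handling viraptor asks for above, combined with the `+` prefix for numeric IDs that garaetjjte points to. The name rule, `parse_user`, `service_user`, `InvalidUser` and the sample unit are assumptions made for illustration.

```python
import re

# Assumption: a conservative name rule modelled on the one the thread describes
# (no leading digit). It is not copied from systemd's source.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*")

class InvalidUser(ValueError):
    """Raised instead of silently falling back to a default account."""

def parse_user(value):
    """Return ('uid', int) or ('name', str); raise InvalidUser otherwise."""
    value = value.strip()
    m = re.fullmatch(r"\+?([0-9]+)", value)   # "+1003" or "1003": numeric ID
    if m:
        return ("uid", int(m.group(1)))
    if NAME_RE.fullmatch(value):
        return ("name", value)
    raise InvalidUser(f"User={value!r} is neither a numeric ID nor an accepted name")

def service_user(unit_text):
    """Resolve User= from the [Service] section; None if the directive is absent."""
    section, result = None, None
    for lineno, raw in enumerate(unit_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and line.partition("=")[0].strip() == "User":
            try:
                result = parse_user(line.partition("=")[2])
            except InvalidUser as exc:
                # Refuse the whole unit; never continue with another identity.
                raise InvalidUser(f"line {lineno}: {exc}") from None
    return result

# Constructed sample unit, not taken from the issue.
SAMPLE = """\
[Unit]
Description=per-customer worker (constructed example)

[Service]
User=0day
ExecStart=/usr/bin/true
"""
```

With this rule the constructed unit is rejected at line 5 rather than started under a different account; a deployment that allows names such as `0day` would widen `NAME_RE` instead.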

~~~
hahainternet
I wasn't really asking for a suggestion, more pointing out that it isn't some
previously solved and agreed upon issue.

It's something that has to be picked, and the parent poster will undoubtedly
count as 'arrogance' for choosing a workaround.

------
NelsonMinar
The troubling thing here is the reaction of the systemd developers of
"invalid input, so won't fix". Even if the input is invalid (and that's not at
all clear) in what world is "lol you're root now" a reasonable response?

------
haik90
from
[https://github.com/systemd/systemd/issues/6237#issuecomment-...](https://github.com/systemd/systemd/issues/6237#issuecomment-311900864)

Why he said 0day not valid user?

I create '0day' user on my computer without problem (Fedora 26 Beta, Debian 9)

    useradd 0day
    $ id 0day
    uid=1003(0day) gid=1003(0day) groups=1003(0day)

~~~
lysium
In the thread someone mentions that adduser won't allow that.

~~~
mjw1007
That aspect of adduser, at least on my system, is explicitly configurable via
/etc/adduser.conf .

I don't think systemd (which is after all attempting to be universally
deployed) is entitled to assume that the system administrator hasn't changed
the default.

------
the_mitsuhiko
Sadly trolls already forced the issue locked but I feel like a sensible thing
to do would be to keep that behavior but change the default user for parsing
errors from root to nobody.

~~~
glogla
"Trolls" have not forced anything - just standard systemd developer behavior.
They never make mistakes and everything is someone else's fault.

Systemd is running something as root because it doesn't like something in
configuration file, instead of returning error or running it under the correct
user. That's a huge WTF and a possible security issue, but alas. Systemd
doesn't make mistakes and everything is someone else's fault.

~~~
hahainternet
> "Trolls" have not forced anything - just standard systemd developer
> behavior.

They've had to delete multiple posts from the thread which are nothing but
trolls, hell YOUR post is nothing but a troll.

~~~
rndgermandude
This is not true, I've seen the issue develop till it was closed. There were
like 2 posts removed, 1 might have been trollish, the other(s) were just
people voicing displeasure at general systemd dev behavior. That might be
offtopic and not polite, but it's not a troll either. And the OP you're
replying to falls into that snarky, impolite category too, but is not a troll.

~~~
digi_owl
Sadly these days it is all too easy to stick fingers in ears and go "troll
troll troll" or "hater hater hater" than actually introspect.

Tempted to label it as a ripple effect of the rising SJW element in FOSS,
because both terms seem to attract that group in defense of the shouter
without concern for context.

------
ArneBab
Let’s assume you create a user account for "0pointer" →
[http://0pointer.net/imprint](http://0pointer.net/imprint)

If you can’t see the irony of granting the services of that user root access,
have a look at the imprint (the owner of that domain).

~~~
ArneBab
bug was closed, because not a problem.

