In Wed, 5 Jul 2017, Reindl Harald wrote:
Am 05.07.2017 um 12:10 schrieb Michael Chapman:
On Wed, 5 Jul 2017, Colin Guthrie wrote:
> Reindl Harald wrote on 04/07/17 19:50:
> > > When new configuration options are added, the same unit file can
> > > almost always be used with older systemd, and it'll just warn &
> > > ignore
> > > the parts it doesn't understand. Similarly, various configuration
> > > options might be unavailable on some architectures and with some
> > > compilation options. The current behaviour of warn&ignore provides
> > > for "soft degradation" in those cases.
> >
> > frankly a new option on the left side is a completly different thing
> > than a invalid value - just silently continue with invalid values of
> > existing options is playing a danergous game in a crucial component
> > like
> > systemd
>
> It's a rare thing :p but I have to agree with you here!
>
> I'd say if "User=-notauser" then silently failing and using root is
> acceptable as per the usual semantics of "- prefix suppresses errors",
> but "User=notauser" should fail IMO.
I'm pretty sure you'll find that it does. Specifically, it will fail when
the child process for the command being executed attempts to map the
username to a UID.
The issue being discussed here is that systemd considers "0day" to be
_syntactically_ invalid for a username. See the valid_user_group_name()
function in basic/user-util.c.
yes and hence it should FAIL the service and not behave silently like the
left side of a param is unknown on a older version - a invalid VALUE in a
config has to fail until it's makred with a dash to silent be ignored in case
of errors
That's really not what the dash means.
In the various Exec*= directives, a dash means that the command is allowed
to fail. Similarly, in WorkingDirectory= the dash means the directory need
not exist.
I do not believe there are any cases where a dash is used to side-step
_syntactic_ validation, nor do I think there should be.
Really, you should just think of the dashes as being part of the syntax
for the directives that support them.
As far as directives like User= go, there _may_ be a use for dash to mean
"do not change UIDs if the username turns out to not actually exist"...
but I would strongly advise against it.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel