
Commit ae480f0

committed
shared/user-util: allow usernames with dots in specific fields
People do have usernames with dots, and it makes them very unhappy that systemd doesn't like that. It seems that there is no actual problem with allowing dots in the username. In particular chown declares ":" as the official separator, and internally in systemd we never rely on "." as the separator between user and group (nor do we call chown directly). Using dots in the name is probably not a very good idea, but we don't need to care. Debian tools (adduser) do not allow users with dots to be created. This patch allows *existing* names with dots to be used in User, Group, SupplementaryGroups, SocketUser, SocketGroup fields, both in unit files and on the command line. DynamicUsers and sysusers still follow the strict policy. user@.service and tmpfiles already allowed arbitrary user names, and this remains unchanged. Fixes systemd#12754.
1 parent 1a29610 commit ae480f0


7 files changed

+18
-18
lines changed


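--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1187,10 +1187,10 @@ int bus_exec_context_set_transient_property(
 flags |= UNIT_PRIVATE;
 
 if (streq(name, "User"))
-return bus_set_transient_user(u, name, &c->user, message, flags, error);
+return bus_set_transient_user_compat(u, name, &c->user, message, flags, error);
 
 if (streq(name, "Group"))
-return bus_set_transient_user(u, name, &c->group, message, flags, error);
+return bus_set_transient_user_compat(u, name, &c->group, message, flags, error);
 
 if (streq(name, "TTYPath"))
 return bus_set_transient_path(u, name, &c->tty_path, message, flags, error);
@@ -1369,7 +1369,7 @@ int bus_exec_context_set_transient_property(
 return r;
 
 STRV_FOREACH(p, l)
-if (!isempty(*p) && !valid_user_group_name_or_id(*p))
+if (!isempty(*p) && !valid_user_group_name_or_id_compat(*p))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
 "Invalid supplementary group names");
 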
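Review bot: The `User`, `Group` and `SupplementaryGroups` branches now accept whatever `valid_user_group_name_or_id_compat()` accepts, and that validator is not among the files in this commit, so the relaxed rule is applied to values supplied by D-Bus clients without its definition in view. The commit message says DynamicUser= keeps the strict policy, but as far as I can tell from here the name stored in `c->user` is not re-checked in this function, so the strict check has to happen where the dynamic user is allocated; I would confirm that and record it above the `User` branch, e.g. `/* Relaxed check: dots allowed for pre-existing accounts; DynamicUser= must re-validate strictly when allocating. */`. The same applies to the `SocketUser`/`SocketGroup` branches in src/core/dbus-socket.c. Both functions start and end outside the hunks shown.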

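--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -277,10 +277,10 @@ static int bus_socket_set_transient_property(
 return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error);
 
 if (streq(name, "SocketUser"))
-return bus_set_transient_user(u, name, &s->user, message, flags, error);
+return bus_set_transient_user_compat(u, name, &s->user, message, flags, error);
 
 if (streq(name, "SocketGroup"))
-return bus_set_transient_user(u, name, &s->group, message, flags, error);
+return bus_set_transient_user_compat(u, name, &s->group, message, flags, error);
 
 if (streq(name, "BindIPv6Only"))
 return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error);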

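--- a/src/core/dbus-util.c
+++ b/src/core/dbus-util.c
@@ -30,7 +30,7 @@ int bus_property_get_triggered_unit(
 
 BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o");
 BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32);
-BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user, valid_user_group_name_or_id);
+BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, valid_user_group_name_or_id_compat);
 BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute);
 
 int bus_set_transient_string(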
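Review bot: The `BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, ...)` line replaces the strict setter instead of adding a second one, so after this change no `bus_set_transient_user()` remains for a property that must keep the strict naming policy. A one-line comment above the definition would make that choice visible to whoever adds the next user-typed property, e.g. `/* Relaxed name check (dots allowed): only for properties that reference existing users/groups, never ones that create them. */`. If a strict property is expected later, keeping both definitions side by side would stop the relaxed one from becoming the default by accident.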

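--- a/src/core/dbus-util.h
+++ b/src/core/dbus-util.h
@@ -235,7 +235,7 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i
 
 int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
-int bus_set_transient_user(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
+int bus_set_transient_user_compat(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
 int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);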

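--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -25,9 +25,9 @@ m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
 `$1.WorkingDirectory, config_parse_working_directory, 0, offsetof($1, exec_context)
 $1.RootDirectory, config_parse_unit_path_printf, true, offsetof($1, exec_context.root_directory)
 $1.RootImage, config_parse_unit_path_printf, true, offsetof($1, exec_context.root_image)
-$1.User, config_parse_user_group, 0, offsetof($1, exec_context.user)
-$1.Group, config_parse_user_group, 0, offsetof($1, exec_context.group)
-$1.SupplementaryGroups, config_parse_user_group_strv, 0, offsetof($1, exec_context.supplementary_groups)
+$1.User, config_parse_user_group_compat, 0, offsetof($1, exec_context.user)
+$1.Group, config_parse_user_group_compat, 0, offsetof($1, exec_context.group)
+$1.SupplementaryGroups, config_parse_user_group_strv_compat, 0, offsetof($1, exec_context.supplementary_groups)
 $1.Nice, config_parse_exec_nice, 0, offsetof($1, exec_context)
 $1.OOMScoreAdjust, config_parse_exec_oom_score_adjust, 0, offsetof($1, exec_context)
 $1.IOSchedulingClass, config_parse_exec_io_class, 0, offsetof($1, exec_context)
@@ -365,8 +365,8 @@ Socket.ExecStartPost, config_parse_exec, SOCKET_EXEC
 Socket.ExecStopPre, config_parse_exec, SOCKET_EXEC_STOP_PRE, offsetof(Socket, exec_command)
 Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC_STOP_POST, offsetof(Socket, exec_command)
 Socket.TimeoutSec, config_parse_sec_fix_0, 0, offsetof(Socket, timeout_usec)
-Socket.SocketUser, config_parse_user_group, 0, offsetof(Socket, user)
-Socket.SocketGroup, config_parse_user_group, 0, offsetof(Socket, group)
+Socket.SocketUser, config_parse_user_group_compat, 0, offsetof(Socket, user)
+Socket.SocketGroup, config_parse_user_group_compat, 0, offsetof(Socket, group)
 Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
 Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
 Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)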

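--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2004,7 +2004,7 @@ int config_parse_sec_fix_0(
 return 0;
 }
 
-int config_parse_user_group(
+int config_parse_user_group_compat(
 const char *unit,
 const char *filename,
 unsigned line,
@@ -2037,15 +2037,15 @@ int config_parse_user_group(
 return -ENOEXEC;
 }
 
-if (!valid_user_group_name_or_id(k)) {
+if (!valid_user_group_name_or_id_compat(k)) {
 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
 return -ENOEXEC;
 }
 
 return free_and_replace(*user, k);
 }
 
-int config_parse_user_group_strv(
+int config_parse_user_group_strv_compat(
 const char *unit,
 const char *filename,
 unsigned line,
@@ -2091,7 +2091,7 @@ int config_parse_user_group_strv(
 return -ENOEXEC;
 }
 
-if (!valid_user_group_name_or_id(k)) {
+if (!valid_user_group_name_or_id_compat(k)) {
 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
 return -ENOEXEC;
 }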
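Review bot: Both `valid_user_group_name_or_id_compat(k)` checks loosen input validation for unit files, yet none of the seven files in this commit is a test, so nothing visible here pins down what the relaxed rule accepts and what it still rejects. I would add parser cases showing that a dotted name is accepted for `User=` and `SupplementaryGroups=`, and that names containing `:` or `/`, as well as the bare names `.` and `..`, are still refused, since the commit message relies on `:` remaining the only separator. The table in src/core/load-fragment-gperf.gperf.m4 routes `User`, `Group`, `SupplementaryGroups`, `SocketUser` and `SocketGroup` to these two parsers, so those are the fields worth covering. Both function bodies extend beyond the hunks shown.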

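--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -99,8 +99,8 @@ CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_working_directory);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdname);
 CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0);
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group);
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv);
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat);
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat);
 CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces);
 CONFIG_PARSER_PROTOTYPE(config_parse_bind_paths);
 CONFIG_PARSER_PROTOTYPE(config_parse_exec_keyring_mode);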
