pid1: warn if people use User=nobody (#16293)
parent
7143b95552
commit
bed0b7dfc0
4
TODO
4
TODO
|
@ -30,10 +30,6 @@ Features:
|
||||||
|
|
||||||
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
|
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
|
||||||
|
|
||||||
* warn if User=nobody is used in a unit file. It's the overflow UID after all,
|
|
||||||
and the service might thus get access to files it really should not get
|
|
||||||
access to on NFS and userns environments.
|
|
||||||
|
|
||||||
* build short web pages out of each catalog entry, build them along with man
|
* build short web pages out of each catalog entry, build them along with man
|
||||||
pages, and include hyperlinks to them in the journal output
|
pages, and include hyperlinks to them in the journal output
|
||||||
|
|
||||||
|
|
|
@ -464,3 +464,23 @@ system shutdown.
|
||||||
It is generally recommended to avoid such overly long mount point paths, or —
|
It is generally recommended to avoid such overly long mount point paths, or —
|
||||||
if used anyway – manage them independently of systemd, i.e. establish them as
|
if used anyway – manage them independently of systemd, i.e. establish them as
|
||||||
well as tear them down automatically at system shutdown by other software.
|
well as tear them down automatically at system shutdown by other software.
|
||||||
|
|
||||||
|
-- b480325f9c394a7b802c231e51a2752c
|
||||||
|
Subject: Special user @OFFENDING_USER@ configured, this is not safe!
|
||||||
|
Defined-By: systemd
|
||||||
|
Support: %SUPPORT_URL%
|
||||||
|
Documentation: https://systemd.io/UIDS-GIDS
|
||||||
|
|
||||||
|
The unit @UNIT@ is configured to use User=@OFFENDING_USER@.
|
||||||
|
|
||||||
|
This is not safe. The @OFFENDING_USER@ user's main purpose on Linux-based
|
||||||
|
operating systems is to be the owner of files that otherwise cannot be mapped
|
||||||
|
to any local user. It's used by the NFS client and Linux user namespacing,
|
||||||
|
among others. By running a unit's processes under the identity of this user
|
||||||
|
they might possibly get read and even write access to such files that cannot
|
||||||
|
otherwise be mapped.
|
||||||
|
|
||||||
|
It is strongly recommended to avoid running services under this user identity,
|
||||||
|
in particular on systems using NFS or running containers. Allocate a user ID
|
||||||
|
specific to this service, either statically via systemd-sysusers or dynamically
|
||||||
|
via the DynamicUser= service setting.
|
||||||
|
|
|
@ -13,6 +13,8 @@
|
||||||
#include <sched.h>
|
#include <sched.h>
|
||||||
#include <sys/resource.h>
|
#include <sys/resource.h>
|
||||||
|
|
||||||
|
#include "sd-messages.h"
|
||||||
|
|
||||||
#include "af-list.h"
|
#include "af-list.h"
|
||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
#include "all-units.h"
|
#include "all-units.h"
|
||||||
|
@ -2287,6 +2289,15 @@ int config_parse_user_group_compat(
|
||||||
return -ENOEXEC;
|
return -ENOEXEC;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
|
||||||
|
log_struct(LOG_NOTICE,
|
||||||
|
"MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
|
||||||
|
"UNIT=%s", unit,
|
||||||
|
"MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
|
||||||
|
"OFFENDING_USER=%s", k,
|
||||||
|
"CONFIG_FILE=%s", filename,
|
||||||
|
"CONFIG_LINE=%u", line);
|
||||||
|
|
||||||
return free_and_replace(*user, k);
|
return free_and_replace(*user, k);
|
||||||
}
|
}
|
||||||
|
|
||||||
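Review bot: The new check in config_parse_user_group_compat() compares only the textual name, `streq(k, NOBODY_USER_NAME)`. If this parser also accepts numeric IDs (the validation above the hunk is not visible here), a unit that sets `User=` to the overflow UID in numeric form runs with the same identity but never logs SD_MESSAGE_NOBODY_USER_UNSUITABLE. Consider also matching the numeric form, e.g. `uid_t u; if (strstr(lvalue, "User") && (streq(k, NOBODY_USER_NAME) || (parse_uid(k, &u) >= 0 && u == UID_NOBODY)))`. A short comment would also help, stating that the substring match on `lvalue` is deliberate and which settings it is meant to cover. The function body starts and ends outside the hunk, so whether `unit` can be NULL when passed to `"UNIT=%s"` cannot be confirmed from here.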
|
|
|
@ -166,6 +166,10 @@ _SD_BEGIN_DECLARATIONS;
|
||||||
#define SD_MESSAGE_MOUNT_POINT_PATH_NOT_SUITABLE_STR \
|
#define SD_MESSAGE_MOUNT_POINT_PATH_NOT_SUITABLE_STR \
|
||||||
SD_ID128_MAKE_STR(1b,3b,b9,40,37,f0,4b,bf,81,02,8e,13,5a,12,d2,93)
|
SD_ID128_MAKE_STR(1b,3b,b9,40,37,f0,4b,bf,81,02,8e,13,5a,12,d2,93)
|
||||||
|
|
||||||
|
#define SD_MESSAGE_NOBODY_USER_UNSUITABLE SD_ID128_MAKE(b4,80,32,5f,9c,39,4a,7b,80,2c,23,1e,51,a2,75,2c)
|
||||||
|
#define SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR \
|
||||||
|
SD_ID128_MAKE_STR(b4,80,32,5f,9c,39,4a,7b,80,2c,23,1e,51,a2,75,2c)
|
||||||
|
|
||||||
_SD_END_DECLARATIONS;
|
_SD_END_DECLARATIONS;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|