Author: Alessandro Selli
Date:
To: dng
Subject: Re: [DNG] systemd allows elevated access from unit files?
On Tue, 4 Jul 2017 at 09:38:36 +0200
Giovanni Rapagnani <tjs434@???> wrote:

>
>
> On 03/07/17 18:23, Joachim Fahrner wrote:
>> On 2017-07-03 17:34, dev wrote:
>>> useradd and adduser work differently. One allows it, the other does not.
>>> Just thought 'why not make them work the same?'. That's all.
>>
>> That's right, that's a bug. They should work the same, and they should
>> follow POSIX-rules, not Poettering-rules.
>
> I do not agree. useradd and adduser are not the same thing:
> - useradd is a low level utility for adding users
> - adduser is a front-end for the low level tool useradd. adduser works
> in conjunction with the configuration defined inside /etc/adduser.conf
>
> /etc/adduser.conf has a configuration variable called NAME_REGEX.
> Usernames passed to adduser are checked against NAME_REGEX.
>
> NAME_REGEX allows one to be more restrictive than POSIX; however, it does not
> allow one to be more permissive.
>
> Hence, if one wants adduser to work as useradd when it comes to username
> validity check, one just needs to set the NAME_REGEX variable accordingly.


I still think it's a bug that systemd runs a process as root when adduser is
configured to prevent creation of a user with a given name but such a user
does exist. systemd ought to default to "nobody" were there issues
determining what user a process should be run as.



--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarattha@???
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
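
An added example, not part of the original message or of any project's code: a small shell audit for the situation discussed above, where an account exists (for instance, created with useradd) although its name would be refused by the NAME_REGEX policy that adduser enforces. The regex value and the passwd entries below are constructed assumptions; substitute the NAME_REGEX from your own /etc/adduser.conf and feed it your real passwd data.

```shell
#!/bin/sh
# audit_names REGEX  (reads passwd(5)-format lines on stdin)
# Prints "name:uid" for every account whose login name does NOT match REGEX,
# i.e. accounts that exist although the naming policy would refuse to create
# them. Returns 2 if REGEX is not a valid extended regular expression.
audit_names() {
    regex=$1
    # grep exits 1 on "no match" and 2 on a bad pattern; only 2 is an error.
    grep -Eq -- "$regex" </dev/null || [ $? -eq 1 ] || {
        echo "audit_names: invalid regex: $regex" >&2
        return 2
    }
    while IFS=: read -r name _pw uid _rest; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        if ! printf '%s\n' "$name" | grep -Eq -- "$regex"; then
            printf '%s:%s\n' "$name" "$uid"
        fi
    done
}

# Assumed policy value for illustration (not read from any real system).
SAMPLE_REGEX='^[a-z][-a-z0-9_]*$'

# Constructed sample in passwd(5) format; these are not real accounts.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
9lives:x:1001:1001::/home/9lives:/bin/bash
Bob.Smith:x:1002:1002::/home/Bob.Smith:/bin/sh
svc_backup:x:998:998::/nonexistent:/usr/sbin/nologin'

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | audit_names "$SAMPLE_REGEX"
```

On a live system the input would be `getent passwd` rather than the sample; any name it reports is worth checking against the `User=` settings in your unit files.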