owned by a non-system user/group. It is recommended to check udev
rules files with 'udevadm verify' and/or 'udevadm test' commands if
the specified user/group in OWNER=/GROUP= are valid.
- Similarly, systemd-networkd refuses User=/Group= settings with a
- non-system user/group specified in .netdev files for Tun/Tap
+ Similarly, systemd-networkd will warn about User=/Group= settings
+ with a non-system user/group specified in .netdev files for Tun/Tap
interfaces.
* systemd-cryptenroll, systemd-repart and systemd-creds no longer
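Review bot: the new NEWS wording ("will warn about User=/Group= settings") understates the change in the same commit: previously a non-system user/group in a .netdev Tun/Tap section failed to resolve and the setting was ignored, whereas now the name resolves, the ownership is applied and only a deprecation warning is logged. The entry should say plainly that non-system accounts are now honoured with a warning (for compatibility, with removal planned), since that decides who ends up able to use the tun/tap interface. It would also help administrators to mention that the warning carries a catalog message ID (the same one udev uses for this condition), so the affected interfaces can be found in the journal by filtering on it; the INTERFACE= field is attached to the message for that purpose.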
Subject: Non-system user or group used for device ownership
Defined-By: systemd
Support: %SUPPORT_URL%
-Documentation: man:systemd(1) systemd-udevd(8)
-
-The ownership of a device managed by systemd-udevd is assigned to a "regular"
-(non-system) user or group. This is currently allowed for compatibility, but is
-deprecated and discouraged. Ownership of a device node grants the privileges to
-change ACLs, the group, access mode, or set labels or extended attributes,
-which creates a conflict of management, because both udev and the user are in
-power to change these attributes. In addition, device nodes appear early in
-boot, while regular users may appear only later.
+Documentation: man:systemd(1) systemd-udevd(8) systemd-networkd(8)
+
+The ownership of a device managed by systemd-udevd or systemd-networkd is
+assigned to a "regular" (non-system) user or group. This is currently allowed
+for compatibility, but is deprecated and discouraged. Ownership of a device
+node grants the privileges to change ACLs, the group, access mode, or set
+labels or extended attributes, which creates a conflict of management, because
+both udev and the user are in power to change these attributes. In addition,
+device nodes appear early in boot, while regular users may appear only later.
For devices managed by systemd-udevd, it is instead recommended to use the
"uaccess"/"xaccess" mechanisms to grant limited and temporary access to device
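Review bot: the explanatory paragraph now names systemd-networkd in its first sentence but the conflict-of-management sentence still says "both udev and the user are in power to change these attributes"; for the networkd case it should read "udev or networkd" (or "the service managing the device"), otherwise the catalog text contradicts its own subject line. The remediation paragraph that follows only covers the udev case ("For devices managed by systemd-udevd, it is instead recommended to use the uaccess/xaccess mechanisms"); a matching sentence for .netdev files, recommending a system group in Group= with the regular users added to that group instead of naming a regular account directly, would give readers of the catalog entry an actionable fix for both services.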
</varlistentry>
<varlistentry>
<term><varname>User=</varname></term>
- <listitem><para>User to grant access to the <filename>/dev/net/tun</filename> device. The specified
- user must be a system user.</para>
+ <listitem><para>User to grant access to the <filename>/dev/net/tun</filename> device.
+ Note that the user must be resolvable during early boot. Using non-system users
+ is deprecated.</para>
<xi:include href="version-info.xml" xpointer="v215"/>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Group=</varname></term>
- <listitem><para>Group to grant access to the <filename>/dev/net/tun</filename> device. The specified
- group must be a system group.</para>
+ <listitem><para>Group to grant access to the <filename>/dev/net/tun</filename> device.
+ Note that the group must be resolvable during early boot. Using non-system groups
+ is deprecated.</para>
<xi:include href="version-info.xml" xpointer="v215"/>
</listitem>
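Review bot: the new text for User= and Group= drops the hard requirement ("must be a system user/group") but does not say what happens when a non-system account is configured; per the code in this commit the setting is applied and a warning is logged. Consider spelling that out, e.g. "Using non-system users is deprecated: a warning is logged and support will be removed in a future release", so the man page matches the log message. Since the early-boot remark is identical in both entries, the usual approach in these pages is to state it once and cross-reference, rather than duplicating the sentence in two varlistentry blocks.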
/* Macros which append INTERFACE= to the message */
+#define log_netdev_syntax(netdev, level, message_id, fmt, ...) \
+ ({ \
+ const NetDev *_n = (netdev); \
+ const char *_ifname = _n ? _n->ifname : NULL; \
+ log_struct(level, \
+ LOG_MESSAGE(fmt, __VA_ARGS__), \
+ LOG_MESSAGE_ID(message_id), \
+ LOG_ITEM("INTERFACE=%s", strempty(_ifname))); \
+ })
+
#define log_netdev_full_errno_zerook(netdev, level, error, ...) \
({ \
const NetDev *_n = (netdev); \
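Review bot: log_netdev_syntax() uses `LOG_MESSAGE(fmt, __VA_ARGS__)` without the `##` extension, so a call with a format string and no further arguments leaves a trailing comma and fails to compile; the neighbouring macros in this header take the whole message as `...` and avoid the problem. Either switch to `fmt, ##__VA_ARGS__` or add a comment stating that at least one format argument is required. A one-line comment above the macro saying that it exists to attach a catalog message_id (plus INTERFACE=) to configuration diagnostics would also help, since "syntax" alone does not convey why it differs from log_netdev_full_errno_zerook().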
#include <net/if_arp.h>
#include <sys/ioctl.h>
+#include "sd-messages.h"
+
#include "alloc-util.h"
#include "daemon-util.h"
#include "fd-util.h"
#include "socket-util.h"
#include "string-util.h"
#include "tuntap.h"
+#include "uid-classification.h"
#include "user-record.h"
#include "user-util.h"
#include "userdb.h"
if (t->user_name) {
_cleanup_(user_record_unrefp) UserRecord *ur = NULL;
- r = userdb_by_name(t->user_name, &USERDB_MATCH_ROOT_AND_SYSTEM,
+ r = userdb_by_name(t->user_name, /* match = */ NULL,
USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC,
&ur);
if (r < 0)
log_netdev_warning_errno(netdev, r, "Cannot resolve user name '%s', ignoring: %s",
t->user_name, STRERROR_USER(r));
- else
+ else {
+ if (!uid_is_system(ur->uid))
+ log_netdev_syntax(netdev, LOG_WARNING,
+ SD_MESSAGE_SYSTEM_ACCOUNT_REQUIRED_STR,
+ "User '%s' configured as owner is not a system user. "
+ "Support for device node ownership by non-system accounts is deprecated and will be removed in the future.",
+ t->user_name);
+
t->uid = ur->uid;
+ }
}
if (t->group_name) {
_cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
- r = groupdb_by_name(t->group_name, &USERDB_MATCH_ROOT_AND_SYSTEM,
+ r = groupdb_by_name(t->group_name, /* match = */ NULL,
USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC,
&gr);
if (r < 0)
log_netdev_warning_errno(netdev, r, "Cannot resolve group name '%s', ignoring: %s",
t->group_name, STRERROR_GROUP(r));
- else
+ else {
+ if (!gid_is_system(gr->gid))
+ log_netdev_syntax(netdev, LOG_WARNING,
+ SD_MESSAGE_SYSTEM_ACCOUNT_REQUIRED_STR,
+ "Group '%s' configured as owner is not a system group. "
+ "Support for device node ownership by non-system accounts is deprecated and will be removed in the future.",
+ t->group_name);
+
t->gid = gr->gid;
+ }
}
return 0;
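Review bot: replacing `&USERDB_MATCH_ROOT_AND_SYSTEM` with `/* match = */ NULL` is the real behaviour change in this hunk: a non-system name used to fail the lookup and be dropped via the existing "Cannot resolve ... ignoring" path, whereas now it resolves, the uid_is_system()/gid_is_system() check only warns, and `t->uid` / `t->gid` are assigned, so the regular account really receives the tun/tap ownership. That is consistent with the deprecation message, but the commit message should state that the setting is now honoured rather than describing the change as adding a warning, and the man page and NEWS text should match. Two smaller points: the long "Support for device node ownership by non-system accounts is deprecated ..." sentence is duplicated verbatim in the user and group branches and could be a single shared string, and each `else {` block reads more clearly with the assignment first and the warning after, since the two are independent and the warning is purely informational.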