From: Zbigniew Jędrzejewski-Szmek Date: Mon, 9 Feb 2026 11:02:03 +0000 (+0100) Subject: networkd: downgrade error for non-system users/groups to a warning X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6c8c89ff7a0fd5601dc44846284c3de4f937efa;p=thirdparty%2Fsystemd.git networkd: downgrade error for non-system users/groups to a warning This reverts (in spirit) "network/tuntap: deny from owning Tun/Tap interfaces", commit 940441b44c7040d62ae58b66bf124e9a0dae578d. Justification similar as in the previous commit. The check is only partially connected to the intended purpose and breaks backwards compat without a sufficient reason. Alternative fix for #37279.
---
diff --git a/NEWS b/NEWS
index 6ce07c82cb5..c40396356cb 100644
--- a/NEWS
+++ b/NEWS
@@ -674,8 +674,8 @@ CHANGES WITH 258:
 owned by a non-system user/group. It is recommended to check udev rules files with 'udevadm verify' and/or 'udevadm test' commands if the specified user/group in OWNER=/GROUP= are valid.
- Similarly, systemd-networkd refuses User=/Group= settings with a
- non-system user/group specified in .netdev files for Tun/Tap
+ Similarly, systemd-networkd will warn about User=/Group= settings
+ with a non-system user/group specified in .netdev files for Tun/Tap
 interfaces. * systemd-cryptenroll, systemd-repart and systemd-creds no longer
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
index 911254ceb92..473edf2f07b 100644
--- a/catalog/systemd.catalog.in
+++ b/catalog/systemd.catalog.in
@@ -989,15 +989,15 @@ will fail.
 Subject: Non-system user or group used for device ownership
 Defined-By: systemd
 Support: %SUPPORT_URL%
-Documentation: man:systemd(1) systemd-udevd(8)
-
-The ownership of a device managed by systemd-udevd is assigned to a "regular"
-(non-system) user or group. This is currently allowed for compatibility, but is
-deprecated and discouraged. Ownership of a device node grants the privileges to
-change ACLs, the group, access mode, or set labels or extended attributes,
-which creates a conflict of management, because both udev and the user are in
-power to change these attributes. In addition, device nodes appear early in
-boot, while regular users may appear only later.
+Documentation: man:systemd(1) systemd-udevd(8) systemd-networkd(8)
+
+The ownership of a device managed by systemd-udevd or systemd-networkd is
+assigned to a "regular" (non-system) user or group. This is currently allowed
+for compatibility, but is deprecated and discouraged. Ownership of a device
+node grants the privileges to change ACLs, the group, access mode, or set
+labels or extended attributes, which creates a conflict of management, because
+both udev and the user are in power to change these attributes. In addition,
+device nodes appear early in boot, while regular users may appear only later.
 For devices managed by systemd-udevd, it is instead recommended to use the "uaccess"/"xaccess" mechanisms to grant limited and temporary access to device
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index 415feea0466..6a84b7a648c 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -2019,16 +2019,18 @@ Ports=eth2
 User=
- User to grant access to the /dev/net/tun device. The specified
- user must be a system user.
+ User to grant access to the /dev/net/tun device.
+ Note that the user must be resolvable during early boot. Using non-system users
+ is deprecated.
 Group=
- Group to grant access to the /dev/net/tun device. The specified
- group must be a system group.
+ Group to grant access to the /dev/net/tun device.
+ Note that the group must be resolvable during early boot. Using non-system groups
+ is deprecated.
diff --git a/src/network/netdev/netdev.h b/src/network/netdev/netdev.h
index afc252480c9..be8a05b70d9 100644
--- a/src/network/netdev/netdev.h
+++ b/src/network/netdev/netdev.h
@@ -258,6 +258,16 @@ const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *str, GPERF_
 /* Macros which append INTERFACE= to the message */
+#define log_netdev_syntax(netdev, level, message_id, fmt, ...) \
+ ({ \
+ const NetDev *_n = (netdev); \
+ const char *_ifname = _n ? _n->ifname : NULL; \
+ log_struct(level, \
+ LOG_MESSAGE(fmt, __VA_ARGS__), \
+ LOG_MESSAGE_ID(message_id), \
+ LOG_ITEM("INTERFACE=%s", strempty(_ifname))); \
+ })
+
 #define log_netdev_full_errno_zerook(netdev, level, error, ...) \
 ({ \
 const NetDev *_n = (netdev); \
diff --git a/src/network/netdev/tuntap.c b/src/network/netdev/tuntap.c
index 12884588190..25195680f62 100644
--- a/src/network/netdev/tuntap.c
+++ b/src/network/netdev/tuntap.c
@@ -6,6 +6,8 @@
 #include
 #include
+#include "sd-messages.h"
+
 #include "alloc-util.h"
 #include "daemon-util.h"
 #include "fd-util.h"
@@ -14,6 +16,7 @@
 #include "socket-util.h"
 #include "string-util.h"
 #include "tuntap.h"
+#include "uid-classification.h"
 #include "user-record.h"
 #include "user-util.h"
 #include "userdb.h"
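Review bot: The new `log_netdev_syntax` macro in netdev.h carries no comment, and its name echoes `log_syntax()` even though it records only `INTERFACE=` and `MESSAGE_ID=` and not the configuration file or line the offending setting came from; a one-line comment above the `#define` would set that expectation, e.g. `/* Like the log_netdev_* macros below, plus MESSAGE_ID= so the message can be resolved in the catalog; CONFIG_FILE=/CONFIG_LINE= are not attached. */`. The format arguments are forwarded as `fmt, __VA_ARGS__` rather than `fmt, ##__VA_ARGS__`, so a caller passing only a format string hands `LOG_MESSAGE` an empty trailing argument; that presumably compiles only because `LOG_MESSAGE` itself uses the `##` form, and matching the `##` style of the neighbouring macros would remove the dependency. The `log_netdev_full_errno_zerook` definition at the end of the hunk continues outside it.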
@@ -236,27 +239,43 @@ static int tuntap_verify(NetDev *netdev, const char *filename) {
 if (t->user_name) {
 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
- r = userdb_by_name(t->user_name, &USERDB_MATCH_ROOT_AND_SYSTEM,
+ r = userdb_by_name(t->user_name, /* match = */ NULL,
 USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC, &ur);
 if (r < 0)
 log_netdev_warning_errno(netdev, r, "Cannot resolve user name '%s', ignoring: %s", t->user_name, STRERROR_USER(r));
- else
+ else {
+ if (!uid_is_system(ur->uid))
+ log_netdev_syntax(netdev, LOG_WARNING,
+ SD_MESSAGE_SYSTEM_ACCOUNT_REQUIRED_STR,
+ "User '%s' configured as owner is not a system user. "
+ "Support for device node ownership by non-system accounts is deprecated and will be removed in the future.",
+ t->user_name);
+ t->uid = ur->uid;
+ }
 }
 if (t->group_name) {
 _cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
- r = groupdb_by_name(t->group_name, &USERDB_MATCH_ROOT_AND_SYSTEM,
+ r = groupdb_by_name(t->group_name, /* match = */ NULL,
 USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC, &gr);
 if (r < 0)
 log_netdev_warning_errno(netdev, r, "Cannot resolve group name '%s', ignoring: %s", t->group_name, STRERROR_GROUP(r));
- else
+ else {
+ if (!gid_is_system(gr->gid))
+ log_netdev_syntax(netdev, LOG_WARNING,
+ SD_MESSAGE_SYSTEM_ACCOUNT_REQUIRED_STR,
+ "Group '%s' configured as owner is not a system group. "
+ "Support for device node ownership by non-system accounts is deprecated and will be removed in the future.",
+ t->group_name);
+ t->gid = gr->gid;
+ }
 }
 return 0;
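Review bot: The two deprecation warnings added in `tuntap_verify` name the interface through `INTERFACE=` but not the .netdev file that contains the offending `User=` or `Group=`, although `filename` is a parameter of this very function (visible in the hunk header); for an administrator auditing which non-system account is being handed ownership of the tun/tap device node, the file name is what makes the finding actionable. Prefixing both messages with it, `"%s: User '%s' configured as owner is not a system user. "` with `filename, t->user_name` as the arguments (and the same for the group branch), would presumably also match how the other verify messages in this file are phrased. The second sentence of the message is repeated verbatim in both branches; hoisting it into a single `#define` (it has to stay a string literal because it is concatenated into `fmt`) keeps the two from drifting apart. The function's closing brace lies beyond the end of the hunk.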