git.ipfire.org Git - thirdparty/systemd.git/commit

shared/specifier: fix %u/%U/%g/%G when called as unprivileged user

We would resolve those specifiers to the calling user/group. This is mostly OK
when done in the manager, because the manager generally operates as root
in system mode, and a non-root in user mode. It would still be wrong if
called with --test though. But in systemctl, this would be generally wrong,
since we can call 'systemctl --system' as a normal user, either for testing
or even for actual operation with '--root=…'.

When operating in --global mode, %u/%U/%g/%G should return an error.

The information whether we're operating in system mode, user mode, or global
mode is passed as the data pointer to specifier_group_name(), specifier_user_name(),
specifier_group_id(), specifier_user_id(). We can't use userdata, because
it's already used for other things.

author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 9 Mar 2022 21:29:19 +0000 (22:29 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 28 Mar 2022 18:31:23 +0000 (20:31 +0200)
commit	8b3ad3983f5440eef812b34e5ed862ca59fdf7f7
tree	ff3834a23e0487afdf185085bc9eb9f7539be296	tree \| snapshot
parent	6677334fdbdcbc28baae88029936cac82fd40777	commit \| diff

src/core/unit-printf.c		diff \| blob \| blame \| history
src/shared/install-printf.c		diff \| blob \| blame \| history
src/shared/install-printf.h		diff \| blob \| blame \| history
src/shared/install.c		diff \| blob \| blame \| history
src/shared/specifier.c		diff \| blob \| blame \| history
src/shared/specifier.h		diff \| blob \| blame \| history
src/test/test-load-fragment.c		diff \| blob \| blame \| history
src/test/test-specifier.c		diff \| blob \| blame \| history
src/tmpfiles/tmpfiles.c		diff \| blob \| blame \| history
test/test-systemctl-enable.sh		diff \| blob \| blame \| history
test/test-systemd-tmpfiles.py		diff \| blob \| blame \| history