Compare commits

...

2 Commits

Author SHA1 Message Date
Florian Klink c74d150b96
Merge 1c7359c9f6 into 766d74fd8b 2024-11-25 14:28:13 +01:00
Florian Klink 1c7359c9f6 man: document footgun on SocketUser=
`SocketUser=` might have inconsistent results if they're inside a path
specified by `RuntimeDirectory=` (or any other directory option where
directories are chown'ed on startup).

Especially in the case of creating a socket-activated service that's
reachable for another user (the most common usecase for this option),
it feels prudent to document this caveat, considering how frequently
these unix domain sockets happen to be created in /run.

I just ran into this, and it seems
https://github.com/systemd/systemd/issues/8635 is at least another
documented case.
2024-04-26 18:32:24 +03:00
1 changed files with 6 additions and 1 deletions

View File

@ -378,7 +378,12 @@
sockets, FIFO nodes, and message queues are owned by the specified user and group. If unset (the
default), the nodes are owned by the root user/group (if run in system context) or the invoking
user/group (if run in user context). If only a user is specified but no group, then the group is
derived from the user's default group.</para>
derived from the user's default group.
Note that this might not have the desired effect if a socket happens to be inside a directory also
referred to in a <varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
<varname>CacheDirectory=</varname>, or <varname>LogsDirectory=</varname> of any service, due to the
change of ownership caused by these options.
</para>
<xi:include href="version-info.xml" xpointer="v214"/></listitem>
</varlistentry>