Bug#927911: systemd: Does not expand %h identifier in ExecStart

Michael Biebl biebl at debian.org
Thu Apr 25 10:28:43 BST 2019 

Am 25.04.19 um 11:09 schrieb Norbert Preining:
> Hi Michael,
> 
> On Thu, 25 Apr 2019, Michael Biebl wrote:
>> Looks like a duplicate of
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868269
> 
> Indeed. Interesting that systemd changed the behaviour but it is not
> documented ... (well ... we know).
> 

Well, there are the following paragraphs from the systemd NEWS file

From v228
https://github.com/systemd/systemd/blob/master/NEWS#L3926

        * In unit files the behaviour of %u, %U, %h, %s has
          changed. These specifiers will now unconditionally resolve
          to the various user database fields of the user that the
          systemd instance is running as, instead of the user
          configured in the specific unit via User=. Note that this
          effectively doesn't change much, as resolving of these
          specifiers was already turned off in the --system instance
          of systemd, as we cannot do NSS lookups from PID 1. In the
          --user instance of systemd these specifiers where correctly
          resolved, but hardly made any sense, since the user instance
          lacks privileges to do user switches anyway, and User= is
          hence useless. Moreover, even in the --user instance of
          systemd behaviour was awkward as it would only take settings
          from User= assignment placed before the specifier into
          account. In order to unify and simplify the logic around
          this the specifiers will now always resolve to the
          credentials of the user invoking the manager (which in case
          of PID 1 is the root user).

From v209
https://github.com/systemd/systemd/blob/master/NEWS#L6855

        * %h, %s, %U specifier support is not available anymore when
          used in unit files for PID 1. This is because NSS calls are
          not safe from PID 1. They stay available for --user
          instances of systemd, and as special case for the root user.


>> Can you attach the full .service file please.
> 
> Here is the .in version that is then configure-d into the .service file

Thanks. So with the above, what you should get is that %h is resolved to
/root, as you run that service as a system service. Or is %h not
expanded at all?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190425/0f0a3456/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list