Bug#927953: systemd: user and group files ignored in tmpfiles.d files
Florian Schmidt
debian at fajs.de
Thu Apr 25 12:29:45 BST 2019
Package: systemd
Version: 215-17+deb8u12
Severity: important
Dear Maintainer,
it seems the recent security update led to systemd ignoring the user and
group columns in tmpfiles.d files. This immediately leads to postgresql
in the current oldstable version (postgresql-9.4 9.4.21-0+deb8u1,
postgresql-common 165+deb8u3) breaking on reboot.
This is /usr/lib/tmpfiles.d/postgrestql.conf from
postgresql-common 165+deb8u3:
# Directory for PostgreSQL sockets, lockfiles and stats tempfiles
d /var/run/postgresql 2775 postgres postgres - -
User and group postgres exist on the system. However, after reboot,
/var/run/postgresql has root:root as owner:
# stat /var/run/postgresql
File: ‘/var/run/postgresql’
Size: 60 Blocks: 0 IO Block: 4096 directory
Device: eh/14d Inode: 9690 Links: 3
Access: (0775/drwxrwxr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-04-25 13:19:45.279148802 +0200
Modify: 2019-04-25 13:19:48.963148802 +0200
Change: 2019-04-25 13:19:48.963148802 +0200
Birth: -
This means postgres can't write its lock file in that directory, and
fails to start:
# systemctl status postgresql@9.4-main.service -l
● postgresql@9.4-main.service - PostgreSQL Cluster 9.4-main
Loaded: loaded (/lib/systemd/system/postgresql@.service; disabled)
Active: failed (Result: exit-code) since Thu 2019-04-25 13:19:49 CEST; 15s ago
Process: 352 ExecStart=postgresql@%i %i start (code=exited, status=1/FAILURE)
Apr 25 13:19:49 [server] postgresql@9.4-main[352]: The PostgreSQL server failed to start. Please check the log output:
Apr 25 13:19:49 [server] postgresql@9.4-main[352]: 2019-04-25 11:19:49 UTC [390-1] FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied
Apr 25 13:19:49 [server] systemd[1]: postgresql@9.4-main.service: control process exited, code=exited status=1
Apr 25 13:19:49 [server] systemd[1]: Failed to start PostgreSQL Cluster 9.4-main.
Apr 25 13:19:49 [server] systemd[1]: Unit postgresql@9.4-main.service entered failed state.
I wonder whether that has something to do with the following item in the
change log:
* CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are
hardlinked, unless protected_hardlinks sysctl is on.
Though protected_hardlinks is on:
# cat /proc/sys/fs/protected_hardlinks
1
And a directory can't be hardlinked anyway, so the relationship to that
change log entry might be a red herring.
-- Package-specific info:
-- System Information:
Debian Release: 8.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii acl 2.2.52-2
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-59
ii libacl1 2.2.52-2
ii libaudit1 1:2.4-1+b1
ii libblkid1 2.25.2-6
ii libc6 2.19-18+deb8u10
ii libcap2 1:2.24-8
ii libcap2-bin 1:2.24-8
ii libcryptsetup4 2:1.6.6-5
ii libgcrypt20 1.6.3-2+deb8u5
ii libkmod2 18-3
ii liblzma5 5.1.1alpha+20120614-2+b3
ii libpam0g 1.1.8-3.1+deb8u2+b1
ii libselinux1 2.3-2
ii libsystemd0 215-17+deb8u12
ii mount 2.25.2-6
ii sysv-rc 2.88dsf-59
ii udev 215-17+deb8u12
ii util-linux 2.25.2-6
Versions of packages systemd recommends:
ii dbus 1.8.22-0+deb8u1
pn libpam-systemd <none>
Versions of packages systemd suggests:
pn systemd-ui <none>
-- Configuration Files:
/etc/systemd/timesyncd.conf changed [not included]
-- no debconf information
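Added example, not part of the original report and not systemd or Debian code: a small check that compares the mode, user and group declared in a tmpfiles.d file with what is actually on disk, the comparison the report makes by hand with stat. It assumes users and groups are given as names and modes as plain octal; parse_tmpfiles, live_state and audit are hypothetical helper names.

```python
import grp
import os
import pwd
import stat

# Constructed sample: the tmpfiles.d entry quoted in the report above.
SAMPLE_CONF = """\
# Directory for PostgreSQL sockets, lockfiles and stats tempfiles
d /var/run/postgresql 2775 postgres postgres - -
"""

def parse_tmpfiles(text):
    """Yield (path, mode, user, group) for d/D/f/F lines; '-' or absent -> None."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] not in "dDfF":
            continue  # blank line, comment, or a line type this check skips
        fields += ["-"] * (5 - len(fields))
        mode, user, group = (None if v == "-" else v for v in fields[2:5])
        yield fields[1], mode, user, group

def live_state(path):
    """Return (permission bits, owner name, group name) of path on this host."""
    st = os.stat(path)
    return (stat.S_IMODE(st.st_mode), pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name)

def audit(text, lookup=live_state):
    """Return (path, field, declared, actual) for every mismatch found."""
    findings = []
    for path, mode, user, group in parse_tmpfiles(text):
        try:
            a_mode, a_user, a_group = lookup(path)
        except (OSError, KeyError) as exc:  # missing path or unmapped uid/gid
            findings.append((path, "lookup", "ok", type(exc).__name__))
            continue
        if mode and mode.isdigit() and int(mode, 8) != a_mode:
            findings.append((path, "mode", mode, format(a_mode, "04o")))
        if user and user != a_user:
            findings.append((path, "user", user, a_user))
        if group and group != a_group:
            findings.append((path, "group", group, a_group))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("MISMATCH path=%s field=%s declared=%s actual=%s" % finding)
```

Run after boot against the files in /usr/lib/tmpfiles.d, an empty result means the declared ownership was applied; with the state shown in the report it flags mode, user and group for /var/run/postgresql.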