Bug#966623: Please warn if User=nobody is used in service files
Michael Biebl
biebl at debian.org
Fri Jul 31 16:51:43 BST 2020
Package: lintian
Version: 2.85.0
Severity: wishlist
X-Debbugs-Cc: pkg-systemd-maintainers at lists.alioth.debian.org
Hi,
according to [1], there are quite a few packages which use
User=nobody (and Group=nogroup).
This is discouraged, and systemd v246 will now log a warning about this.
See https://github.com/systemd/systemd/blob/master/NEWS#L106
for the reasoning:
```
* If the service setting User= is set to the "nobody" user, a warning
message is now written to the logs (but the value is nonetheless
accepted). Setting User=nobody is unsafe, since the primary purpose
of the "nobody" user is to own all files whose owner cannot be mapped
locally. It's in particular used by the NFS subsystem and in user
namespacing. By running a service under this user's UID it might get
read and even write access to all these otherwise unmappable files,
which is quite likely a major security problem.
```
It's preferable to create a dedicated system user (and group) for
individual services, so they do not get accidental access to stuff they
are not supposed to be able to access.
For some services, DynamicUser=true might be an option. This would
alleviate the need for manually creating a system user.
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#DynamicUser=
Regards,
Michael
[1] https://codesearch.debian.net/search?q=User%3Dnobody&literal=1&perpkg=1
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages lintian depends on:
ii binutils 2.35-1
ii bzip2 1.0.8-4
ii diffstat 1.63-1
ii dpkg 1.20.5
ii dpkg-dev 1.20.5
ii file 1:5.38-5
ii gettext 0.19.8.1-10
ii gpg 2.2.20-1
ii intltool-debian 0.35.0+20060710.5
ii libapt-pkg-perl 0.1.36+b3
ii libarchive-zip-perl 1.68-1
ii libcapture-tiny-perl 0.48-1
ii libclass-xsaccessor-perl 1.19-3+b5
ii libclone-perl 0.45-1
ii libconfig-tiny-perl 2.24-1
ii libcpanel-json-xs-perl 4.19-1
ii libdata-dpath-perl 0.58-1
ii libdata-validate-domain-perl 0.10-1
ii libdevel-size-perl 0.83-1+b1
ii libdigest-sha-perl 6.02-1+b2
ii libdpkg-perl 1.20.5
ii libemail-address-xs-perl 1.04-1+b2
ii libfile-basedir-perl 0.08-1
ii libfile-find-rule-perl 0.34-1
ii libfont-ttf-perl 1.06-1
ii libhtml-parser-perl 3.72-5
ii libio-async-loop-epoll-perl 0.21-1
ii libio-async-perl 0.77-3
ii libjson-maybexs-perl 1.004002-1
ii liblist-compare-perl 0.53-1
ii liblist-moreutils-perl 0.416-1+b5
ii liblist-utilsby-perl 0.11-1
ii libmoo-perl 2.004000-1
ii libmoox-aliases-perl 0.001006-1
ii libnamespace-clean-perl 0.27-1
ii libpath-tiny-perl 0.114-1
ii libsereal-decoder-perl 4.017+ds-1
ii libsereal-encoder-perl 4.017+ds-1
ii libtext-levenshteinxs-perl 0.03-4+b7
ii libtext-xslate-perl 3.5.8-1
ii libtime-duration-perl 1.21-1
ii libtime-moment-perl 0.44-1+b2
ii libtimedate-perl 2.3300-1
ii libtry-tiny-perl 0.30-1
ii libtype-tiny-perl 1.010002-1
ii libunicode-utf8-perl 0.62-1+b1
ii liburi-perl 1.76-2
ii libxml-libxml-perl 2.0134+dfsg-2
ii libxml-writer-perl 0.625-1
ii libyaml-libyaml-perl 0.82+repack-1
ii man-db 2.9.3-2
ii patchutils 0.4.2-1
ii perl [libdigest-sha-perl] 5.30.3-4
ii t1utils 1.41-4
ii xz-utils 5.2.4-1+b1
Versions of packages lintian recommends:
ii libperlio-gzip-perl 0.19-1+b6
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii libtext-template-perl 1.59-1
-- no debconf information
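As an added example (not part of this bug report, of lintian or of systemd), here is a POSIX shell check that does roughly what the requested lintian tag would do: it walks the [Service] section of each unit file and flags User= or Group= set to nobody/nogroup (or the numeric 65534 that Debian assigns to both). The three unit files it scans are constructed for the example; example-daemon and its paths are hypothetical. The dedicated-user variant assumes the package creates the account itself (e.g. with adduser --system in postinst); the DynamicUser=yes variant uses StateDirectory= because a transient UID has no persistent home otherwise.

```sh
#!/bin/sh
# Added example: flag User=nobody / Group=nogroup in systemd service files
# and show the two alternatives named in the report. Not lintian code.
set -eu

# check_unit_user FILE
# Prints "FILE:LINE: message" for each offending User=/Group= line inside
# [Service]. Exit status 0 = clean, 1 = at least one line flagged.
check_unit_user() {
    awk -v f="$1" '
        /^\[/ { insvc = ($0 == "[Service]") }          # track the current section
        insvc && /^[[:space:]]*(User|Group)[[:space:]]*=/ {
            split($0, kv, "=")
            key = kv[1]; gsub(/[[:space:]]/, "", key)
            val = kv[2]; gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            # 65534 is the UID/GID of nobody/nogroup on Debian
            if (val == "nobody" || val == "nogroup" || val == "65534") {
                printf "%s:%d: %s=%s is discouraged; use a dedicated system user or DynamicUser=yes\n", f, NR, key, val
                bad = 1
            }
        }
        END { if (bad) exit 1 }
    ' "$1"
}

# count_flagged DIR
# Runs the check over DIR/*.service, sends findings to stderr and prints
# the number of flagged files. Always exits 0 so it composes under set -e.
count_flagged() {
    n=0
    for unit in "$1"/*.service; do
        if ! check_unit_user "$unit" 1>&2; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# make_samples
# Writes three constructed (not real) unit files to a temp dir and prints
# its path: the discouraged form and the two recommended alternatives.
make_samples() {
    sampledir=$(mktemp -d)
    cat >"$sampledir/bad.service" <<'EOF'
[Unit]
Description=Hypothetical daemon sharing the nobody account (discouraged)

[Service]
ExecStart=/usr/bin/example-daemon
User=nobody
Group=nogroup
EOF
    cat >"$sampledir/dedicated.service" <<'EOF'
[Unit]
Description=Hypothetical daemon with its own system account (adduser --system in postinst)

[Service]
ExecStart=/usr/bin/example-daemon
User=example-daemon
Group=example-daemon
EOF
    cat >"$sampledir/dynamic.service" <<'EOF'
[Unit]
Description=Hypothetical daemon with a transient UID allocated by systemd

[Service]
ExecStart=/usr/bin/example-daemon
DynamicUser=yes
StateDirectory=example-daemon
EOF
    printf '%s\n' "$sampledir"
}

# Stand-alone demo over the constructed samples.
samples=$(make_samples)
echo "flagged $(count_flagged "$samples") of 3 constructed units"
rm -rf "$samples"
```

The check only looks at *.service files; User= can also be set in drop-in *.conf files under a .d/ directory, so a real lintian tag would have to cover those too. It also reports the numeric 65534 form, which a plain grep for User=nobody (as in the codesearch query above) misses.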