pid1: by default make user units inherit their umask from the user manager
This patch changes the way user managers set the default umask for the units it
manages.
Indeed one can expect that if user manager's umask is redefined through PAM
(via /etc/login.defs or pam_umask), all its children including the units it
spawns have their umask set to the new value.
Hence make user units inherit their umask value from their parent instead of
the hard coded value 0022 but allow them to override this value via their unit
file.
Note that reexecuting managers with 'systemctl daemon-reexec' after changing
UMask= has no effect. To take effect managers need to be restarted with
'systemct restart' instead. This behavior was already present before this
patch.
Fixes #6077.
(cherry picked from commit
5e37d1930b41b24c077ce37c6db0e36c745106c7)
Gbp-Pq: Name pid1-by-default-make-user-units-inherit-their-umask-from-.patch
systemd (245.4-3) unstable; urgency=medium
[ Dan Streetman ]
* d/rules: in dh_auto_test, include meson param --print-errorlogs.
Also, don't cat testlog.txt; it's noisy and not very helpful.
Upstream request:
https://github.com/systemd/systemd/pull/14338#issuecomment-
603432989
[ Michael Biebl ]
* pid1: by default make user units inherit their umask from the user manager
(Closes: #945000)
* user-util: rework how we validate user names.
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user,
while "relaxed" mode is used when we process users registered elsewhere.
(Closes: #955541)
[dgit import unpatched systemd 245.4-3]
projects / systemd.git / log