return 0;
}
- if (STR_IN_SET(*username, NOBODY_USER_NAME, "65534")) {
+ if (synthesize_nobody() &&
+ STR_IN_SET(*username, NOBODY_USER_NAME, "65534")) {
*username = NOBODY_USER_NAME;
if (uid)
return 0;
}
- if (STR_IN_SET(*groupname, NOBODY_GROUP_NAME, "65534")) {
+ if (synthesize_nobody() &&
+ STR_IN_SET(*groupname, NOBODY_GROUP_NAME, "65534")) {
*groupname = NOBODY_GROUP_NAME;
if (gid)
/* Shortcut things to avoid NSS lookups */
if (uid == 0)
return strdup("root");
- if (uid == UID_NOBODY)
+ if (synthesize_nobody() &&
+ uid == UID_NOBODY)
return strdup(NOBODY_USER_NAME);
if (uid_is_valid(uid)) {
if (gid == 0)
return strdup("root");
- if (gid == GID_NOBODY)
+ if (synthesize_nobody() &&
+ gid == GID_NOBODY)
return strdup(NOBODY_GROUP_NAME);
if (gid_is_valid(gid)) {
*_h = h;
return 0;
}
- if (u == UID_NOBODY) {
+ if (synthesize_nobody() &&
+ u == UID_NOBODY) {
h = strdup("/");
if (!h)
return -ENOMEM;
*_s = s;
return 0;
}
- if (u == UID_NOBODY) {
+ if (synthesize_nobody() &&
+ u == UID_NOBODY) {
s = strdup("/sbin/nologin");
if (!s)
return -ENOMEM;
return 0;
}
+
+bool synthesize_nobody(void) {
+
+#ifdef NOLEGACY
+ return true;
+#else
+ /* Returns true when we shall synthesize the "nobody" user (which we do by default). This can be turned off by
+ * touching /etc/systemd/dont-synthesize-nobody in order to provide upgrade compatibility with legacy systems
+ * that used the "nobody" user name and group name for other UIDs/GIDs than 65534.
+ *
+ * Note that we do not employ any kind of synchronization on the following caching variable. If the variable is
+ * accessed in multi-threaded programs in the worst case it might happen that we initialize twice, but that
+ * shouldn't matter as each initialization should come to the same result. */
+ static int cache = -1;
+
+ if (cache < 0)
+ cache = access("/etc/elogind/dont-synthesize-nobody", F_OK) < 0;
+
+ return cache;
+#endif
+}
~ianmdlvl / elogind.git / commitdiff