Systemd has a bug where user names starting with a digit cause the user daemon to run with root privileges. According to the creator of systemd, this is not a bug and everything is fine. The reason everything is fine is because names like this, which are explicitly permitted by the base standards, are forbidden and tools shouldn't allow creating these names, so it's a bug in the tools for permitting names permitted by the standard.
Fsck systemd.
@schmittlauch @jgoguen poettering is an incompetent, centralistic null and systemd is a sack of shit. EOF.
@schmittlauch @jgoguen @XOR Has anyone tested how non-Systemd systems handle the same issue?
@rochelimit @schmittlauch @XOR On BSD and pre-systemd systems, even systemd using "not systemd" to start the process, this works as expected. There's some exceptions where some tools refuse to allow you to create users named like this, but if you do it anyway you don't end up with a user process running as root.
@schmittlauch Never have I ever convinced an admin to install a package without checking the contents nor the post-install scripts ;)
Also never have I ever seen an admin who doesn't even know where to look for various logs…
@astralboy There's a one-letter replacement in "fsck" that would require a language warning on this. It's also what people generally say when they have to run fsck ;-)
@jgoguen this is 90s Microsoft. Policy was to implement the standard how they thought it should work, not what the standard actually said.
@squinky Embrace, Extend, Extinguish! I remember this -_-
@jgoguen Yeah, it's a bug which should probably be fixed (hopefully Poettering will come to that decision, too).
Nevertheless it's not the end of the world: You need a root user to create a service file with an invalid user name first and then have the admin not read the logs after this.