[darklajid]

Defaulting to root? Spawning a service defaults to .. the current user.

We can argue if User= lines should be validated more carefully or cause hard errors (vs warnings), but if you do not provide a valid User= line, the process will spawn with the current uid (which is 0 for initd).

[codefined]

Tempted to say it's a service, and the majority of these will want to run as root instead of any particular user. So in this sense the default makes sense.

[ArneBab]

So if someone spawns the torrent server as a restricted user to add a layer of security against problems in the server, and that user starts with a zero — like 0priviledge or 0pointer for that matter, do mind the domain of L. Pötterings blog — the service will launch as root, voiding the layer of protection?

Many of my services do not run as root for a reason.

[JdeBP]

You are erroneously conflating the default when there is no User= item with the default when there is a User= item but its value is neither a number nor a valid account in the user account database. The latter default is the item under discussion here.