[ArneBab]

They just would have had to think "let’s do the safe thing — instead of just assuming everything goes well and potentially using the root user as fallback if we’re wrong".

It’s a mindset/philosophy problem, and that doesn’t change when bugs get fixed. It would require the devs to change, but that didn’t happen in the past decade, so we cannot just assume that it will happen in the next.

[db48x]

But you have to be root to install a systemd unit in the first place...

[CodeWriter23]

Doesn't mean I want systemd silently escalating my process to root when I think I've told it to contain privileges of the process to a specific userid. Clearly the correct behavior for such a program is to throw an error if it is rejecting a username for ANY reason, even when that reason is supported by stilted reasoning.

[digi_owl]

And?

What is going on here is that an admin thinks he has shored up the service defined in the service file, because hey, it runs. Only to later have the server 0wned because apparently it was running as root the whole time...

[chronid]

Breaking expectations is not a reasonable default.

[falcolas]

There are also user-level unit files; can this bug be triggered by those?

EDIT: No; it acts as if the 'User=' directive doesn't exist.