man: document footgun on SocketUser=

`SocketUser=` might have inconsistent results if they're inside a path specified by `RuntimeDirectory=` (or any other directory option where directories are chown'ed on startup). Especially in the case of creating a socket-activated service that's reachable for another user (the most common usecase for this option), it feels prudent to document this caveat, considering how frequently these unix domain sockets happen to be created in /run. I just ran into this, and it seems https://github.com/systemd/systemd/issues/8635 is at least another documented case.
2024-11-23 10:13:34 +08:00 · 2024-04-26 16:39:02 +03:00 · 2024-04-26 16:39:02 +03:00 · 1c7359c9f6
commit 1c7359c9f6
parent b6df6bef31
1 changed files with 6 additions and 1 deletions
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@ -377,7 +377,12 @@
        sockets and FIFO nodes in the file system are owned by the specified user and group. If unset (the
        default), the nodes are owned by the root user/group (if run in system context) or the invoking
        user/group (if run in user context).  If only a user is specified but no group, then the group is
-        derived from the user's default group.</para>
+        derived from the user's default group.
+        Note that this might not have the desired effect if a socket happens to be inside a directory also
+        referred to in a <varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
+        <varname>CacheDirectory=</varname>, or <varname>LogsDirectory=</varname> of any service, due to the
+        change of ownership caused by these options.
+        </para>

        <xi:include href="version-info.xml" xpointer="v214"/></listitem>
      </varlistentry>