systemd Dynamic Users
By chimo
I really didn’t want to dislike systemd. I don’t want to join the systemd-bashing “movement” (regardless of whether the bashing is deserved or not). systemd is making that very difficult though.
I was working on setting up a container to run influxdb recently. I ended up choosing Archlinux as the operating system because they have a package for it in their repository. Archlinux is the distro I am (or maybe “was”, I’m starting to think) most familiar with, so it’s often my second choice when Alpine Linux would be more work than I want to put in at that moment.
In this situation, I already had influxdb data from somewhere else I had copied over, so my plan was to:
- Install influxdb
- Copy the data into /var/lib/private/influxdb
- chown -R influxdb:influxdb /var/lib/private/influxdb
- Start the influxdb service
Unfortunately, the chown step returned “chown: invalid user: ‘influxdb:influxdb’”.
Huh, odd… I would’ve thought the user/group would be created at install time.
# Check if the user exists in /etc/passwd
root@influxdb:~# cat /etc/passwd | grep influxdb
# Nope.
root@influxdb:~# █
# Check folder permissions
root@influxdb:~# ls -ld /var/lib/private/influxdb
drwxr-xr-x 1 65309 65309 76 Feb 9 21:54 /var/lib/private/influxdb/
Doesn’t seem like it. Maybe it creates it the first time it runs. Let’s try starting the service:
# Start the service
root@influxdb:~# systemctl start influxdb
# Check folder permissions
root@influxdb:~# ls -ld /var/lib/private/influxdb
drwxr-xr-x 1 influxdb influxdb 76 Feb 9 21:54 /var/lib/private/influxdb/
Ah there it is. Okay, let’s try this again:
# Stop the service
root@influxdb:~# systemctl stop influxdb
root@influxdb:~# chown -R influxdb:influxdb /var/lib/private/influxdb
chown: invalid user: 'influxdb:influxdb'
root@influxdb:~# ls -ld /var/lib/private/influxdb
drwxr-xr-x 1 65309 65309 76 Feb 9 21:54 /var/lib/private/influxdb/
root@influxdb:~# cat /etc/passwd | grep influxdb
root@influxdb:~# █
wtf.
root@influxdb:~# systemctl start influxdb
root@influxdb:~# ls -ld /var/lib/private/influxdb
drwxr-xr-x 1 influxdb influxdb 76 Feb 9 21:54 /var/lib/private/influxdb/
root@influxdb:~# cat /etc/passwd | grep influxdb
root@influxdb:~# █
So the user never appears in /etc/passwd even when it seems to be recognized by ls, and turns back into its numerical ID when the service is stopped‽
Ladies and gentlemen, this is “systemd dynamic users” apparently. Sure enough, in the Archlinux (or upstream’s) systemd unit file is the line:
...
DynamicUser=yes
...
I do not know what kind of fresh hell this is, but I might make Void Linux my second distro of choice at this rate.
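Grepping /etc/passwd, as in the session above, only finds static accounts, while ls resolves names through NSS. The following is an added example, not part of the original post: shell functions (hypothetical names) that check a unit's text for an effective DynamicUser= setting and classify an account as static, NSS-only or unknown; the sample unit is constructed.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Constructed sample: only the DynamicUser= line is taken from the post.
SAMPLE_UNIT='[Unit]
Description=constructed sample
[Service]
DynamicUser=yes'

# in_passwd_file NAME [FILE]: succeeds if NAME has a static entry in FILE.
# Matches the whole name field, unlike a substring grep.
in_passwd_file() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# unit_uses_dynamic_user: reads unit text on stdin (for example the output of
# `systemctl cat influxdb`, drop-ins included) and succeeds if the last
# DynamicUser= assignment under [Service] is one of systemd's true values.
unit_uses_dynamic_user() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^\[/ { in_service = ($0 ~ /^\[Service\]/); next }
        in_service && /^DynamicUser[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            last = tolower(v)                        # a later assignment wins
        }
        END { exit !(last ~ /^(1|yes|y|true|t|on)$/) }
    '
}

# classify_account NAME [FILE]: prints static, nss-only or unknown.
# `id` resolves names through NSS, so it can see accounts that have no
# entry in the passwd file.
classify_account() {
    if in_passwd_file "$1" "${2:-/etc/passwd}"; then
        echo static
    elif id -u "$1" >/dev/null 2>&1; then
        echo nss-only
    else
        echo unknown
    fi
}
```

On the host from the post, the equivalent calls would be `systemctl cat influxdb | unit_uses_dynamic_user` and `classify_account influxdb`, run once with the service started and once with it stopped.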