[Pkg-shadow-devel] Bug#493230: [Adduser-devel] Bug#493230: manpage of adduser/useradd does not mention how long a username can be

Michelle Konzack linux4michelle at tamay-dogan.net
Mon Aug 11 20:38:10 UTC 2008 

Hello Stephen,

Am 2008-08-01 21:53:38, schrieb Stephen Gran:
> steve at spartacus:~$ sudo adduser ass1234567890123456789012345678901234567890
> Adding user `ass1234567890123456789012345678901234567890' ...
> Adding new group `ass1234567890123456789012345678901234567890' (1004) ...
> groupadd: ass1234567890123456789012345678901234567890 is not a valid group name
> adduser: `/usr/sbin/groupadd -g 1004 ass1234567890123456789012345678901234567890' returned error code 3. Exiting.
> 
> steve at spartacus:~$ man groupadd | grep Groupnames
>        Groupnames must begin with a lower case letter or an underscore, and
>        Groupnames may only be up to 16 characters long.
> 
> I'm reassigning to passwd since that's what's refusing to add the group
> (which you might have noticed had you read the output, but oh well). 

The GROUPs I am using are

private:x:1000:
business:x:1100:michelle.konzack
development:x:1200:michelle.konzack
server:x:1400:michelle.konzack
debian:x:1600:michelle.konzack
redhat:x:1700:michelle.konzack
cybercenter:x:1800:michelle.konzack
omega:x:1900:michelle.konzack

so noting longer then 16 characters.  I have tested it with:

[root at vserver1:~] adduser --home /home/test --shell /bin/bash --force-badname --uid 3000 --ingroup debian --gecos ",,,,," abc123456789012345678901234567890
Adding user `abc123456789012345678901234567890' ...
Adding new user `abc123456789012345678901234567890' (3000) with group `debian' ...
useradd: invalid user name 'abc123456789012345678901234567890'
adduser: `/usr/sbin/useradd -d /home/test -g debian -s /bin/bash -u 3000 abc123456789012345678901234567890' returned error code 3. Exiting.

It seems, "GROUP =< 16" and "USER =< 32".  Not realy nice,  if  you  can
imagine, I have an dictionary attack on one of my mail server  with  now
over 86.000.000 different combinations of alpha-numeric  logins  in  the
last 4 years.  (The server is used in the french Governement  :-/ )

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20080811/cfed7034/attachment.pgp

More information about the Pkg-shadow-devel mailing list