[Pkg-shadow-devel] Valid group/user names, a bug?

Nicolas François nicolas.francois at centraliens.net
Sun Jan 6 17:07:14 UTC 2008 

Hello,

On Sun, Jan 06, 2008 at 03:23:06PM +0100, Joel Forsberg wrote:
> 
> I recently installed shadow-4.0.18.1 and got some troubles with my user/group 
> names. It seems as since shadow version 4-ish, it's no longer possible to 
> have dots in user or group names.
> 
> Is there a reason not to allow user or group names like john.doe?
> 
> (Small patch to fix the issue for me attached)

I've still not apply this patch, but I'm more and more considering
relaxing the username and groupname policy.

Most (all) distribution already relax it:
 * current shadow:
   [a-z_][a-z0-9_-]*[$]?
   max username: sizeof(tmp/utmpx.ut_user)	(== 32 currently)
   max groupname: 16
 * gentoo:
   [a-z_][a-z0-9_-.]*[$]?
   max username: sizeof(tmp/utmpx.ut_user)	(== 32 currently)
   max groupname: unlimited
 * fedora:
   [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
   max username sizeof(utmp/utmpx.ut_user) -1	(== 31 currently)
   max username sizeof(utmp/utmpx.ut_user) -1	(== 31 currently)
 * debian:
   [^-:\s][^:\s]*		(but Debian users should not add users
                 		with useradd, but adduser, which uses
                 		the [a-z][-a-z0-9]*[$]? regex)
   max username: sizeof(tmp/utmpx.ut_user)	(== 32 currently)
   max groupname: 32
 * POSIX:
   a name is composed of characters from the portable filename character
   set [A-Za-z0-9._-], and that the hyphen should not be used as the first
   character of a portable user name.


The user and group naming policy can be relaxed (up to the Debian regex
IMHO) to the shadow utils point of view. But there can be some issues with
other utils.

Here are some various issues with usernames:
 * '.'
   the dot used to be the user/group separator for chown.
   Since POSIX 1003.1-2001, ':' is the separator, and the behavior of . is
   undefined. For example, what would be the meaning of
   	chown john.doe file
   if the "john.doe" user exists, and the user "john" also exists and the
   group "doe" also exists?
 * ':'
   the colon is used as a separator for the password and group files.
   The colon should never be allowed as long as these databases will be
   supported.
 * new lines
   the new line is used as a separator for the password and group files.
 * other spaces (space, tabulation, carriage return, form-feed, etc.)
   I would not recommend to allow them. This would probably break a lot of
   tools/scripts
 * '-'
   I would not recommend to allow a dash as the first character of a name
   because it could be taken as an option.
 * digits
   I would not recommend to allow digits as the first character of a name
   because some tools/scripts accept an uid or username and use atoi without
   checking if there are some remaining chars. (user "0non-root" could be
   considered as "0")
 * non ascii characters
   The encoding of the user and password databases is not specified, so I
   would not recommend to allow them.

The Fedora choice is probably the most POSIXLY correct policy.
I'm considering a probably safer choice like:
	[a-zA-Z_.][a-zA-Z0-9_.-]*[$]?

For the max username size, I think sizeof(tmp/utmpx.ut_user) is safe (the
ut_user does not need to be nul-terminated)

For the max groupnamesize , I don't have arguments to limit the size of a
groupname. But tools are probably using buffers of the same size as for
usernames.

Best Regards,
-- 
Nekral

More information about the Pkg-shadow-devel mailing list