[Pkg-shadow-devel] Valid group/user names, a bug?
Alexander Gattin
xrgtn at yandex.ru
Mon Jan 7 21:42:27 UTC 2008
Hello,
On Sun, Jan 06, 2008 at 06:07:14PM +0100, Nicolas François wrote:
> On Sun, Jan 06, 2008 at 03:23:06PM +0100, Joel Forsberg wrote:
> > Is there a reason not to allow user or group names like john.doe?
>
> I've still not applied this patch, but I'm more and more considering
> relaxing the username and groupname policy.
>
> * debian:
>     [^-:\s][^:\s]* (but Debian users should not add users
>     with useradd, but adduser, which uses
>     the [a-z][-a-z0-9]*[$]? regex)
>     max username: sizeof(tmp/utmpx.ut_user) (== 32 currently)
>     max groupname: 32
I would rephrase it the next way:
* debian/shadow:
    [^-:\s][^:\s]*
    max username: sizeof(tmp/utmpx.ut_user) (== 32 currently)
    max groupname: 32
* debian/adduser:
    [a-z][-a-z0-9]*[$]?
    max username: ?
    max groupname: ?
> Here are some various issues with usernames:
> * '.'
> the dot used to be the user/group separator for chown.
> Since POSIX 1003.1-2001, ':' is the separator, and the behavior of . is
> undefined. For example, what would be the meaning of
> chown john.doe file
> if the "john.doe" user exists, and the user "john" also exists and the
> group "doe" also exists?
The intuitive way would be to honor the POSIX
definition in such a case. IMHO. The real confusion
would be when the user john.doe is created/deleted
and suddenly "chown john.doe" changes its meaning
%)
I'd rather emit a warning when "chown john.doe"
succeeds "in the old sense" (i.e. john:doe).
> * digits
> I would not recommend allowing digits as the first character of a name
> because some tools/scripts accept an uid or username and use atoi without
> checking if there are some remaining chars. (user "0non-root" could be
> considered as "0")
Kind of "0wner" user :)
--
With best regards,
xrgtn
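
The atoi pitfall raised in the quoted "digits" item, shown as an added example that is not part of the original message or of the shadow code. The function names `uid_from_arg_loose` and `uid_from_arg_strict` are hypothetical, and the sample arguments are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Loose parsing as described above: atoi() stops at the first non-digit
 * and reports no error, so the name "0non-root" is read as uid 0. */
long uid_from_arg_loose(const char *arg)
{
    return atoi(arg);
}

/* Strict parsing: returns the uid only if the whole argument is a decimal
 * number in range, otherwise -1 so the caller treats it as a name. */
long long uid_from_arg_strict(const char *arg)
{
    char *end;
    unsigned long v;

    /* strtoul() itself accepts leading blanks and a sign; reject them. */
    if (!isdigit((unsigned char)arg[0]))
        return -1;
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;              /* overflow or trailing characters */
    /* (uid_t)-1 is reserved (chown() takes it to mean "leave unchanged"). */
    if (v >= (unsigned long)(uid_t)-1)
        return -1;
    return (long long)v;
}

int main(void)
{
    /* Constructed sample arguments, not taken from any real system. */
    const char *args[] = { "0", "1000", "0non-root", "0wner", "john.doe" };
    size_t i;

    for (i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("%-10s atoi=%ld strict=%lld\n", args[i],
               uid_from_arg_loose(args[i]), uid_from_arg_strict(args[i]));
    return 0;
}
```

A tool that accepts "uid or username" can call the strict parser first and fall back to a name lookup only when it returns -1, so a name with a leading digit is never silently mapped to a numeric uid.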