[Pkg-shadow-devel] Allowing dots in usernames

Nicolas François nicolas.francois at centraliens.net
Mon Dec 5 20:00:24 UTC 2011


On Mon, Dec 05, 2011 at 09:29:02AM -0800, scott.a.garman at intel.com wrote:
> The other day I found a post to this ML (which I can't seem to find
> anymore) indicating that allowing dots in usernames was being
> considered.

It might have been on the openembedded mailing list

> I was just wondering what the status of this was. In Yocto we mark
> our patches with metadata indicating whether they are upstreamable
> or not. If shadow will not be officially supporting dots in
> usernames, that's fine, but I just want to make sure I know what the
> status of this is so I can mark our patches accordingly.

The issues with dots is that is is (or used to be) used by chown as a
separator between user and group.
This issue can be relaxed because chown has good heuristics if I remember
(I would still expect issues if the users and groups foo, foo.bar,
bar.baz, foo.bar.baz, and baz exist and chown is called with foo.bar.baz)

However in general for this issue, this part of libmisc/chkname.c is
patched by all distributions (I do on Debian, it's done on Fedora, etc.)
Therefore, I intend in the future to let the naming rule configurable (my
current idea is to forbid only what would badly break the database, and
have a blacklist / whitelist of characters, maybe with different lists for
the first character).
But I have currently no idea when the future will be.

For your information, the current restrictions on Debian are:
 ':'  -> field separator
 ','  -> member separator for groups
 '\n' -> entry separator
 ' '  -> can be confusing for options
 '\t' -> likewise
 '-'  -> used for NIS as first character
         can be confusing for command line parsing
 '+'  -> used for NIS as first character
 '~'  -> used for expansion by shells

(this was agreed on Debian to have very relaxed rules for useradd, but
stricter rules in adduser)

Best Regards,

More information about the Pkg-shadow-devel mailing list