[Pkg-shadow-devel] Allowing dots in usernames

Scott Garman scott.a.garman at intel.com
Tue Dec 6 02:26:02 UTC 2011

On 12/05/2011 12:00 PM, Nicolas François wrote:
> The issues with dots is that is is (or used to be) used by chown as a
> separator between user and group.
> This issue can be relaxed because chown has good heuristics if I remember
> correctly.
> (I would still expect issues if the users and groups foo, foo.bar,
> bar.baz, foo.bar.baz, and baz exist and chown is called with foo.bar.baz)
> However in general for this issue, this part of libmisc/chkname.c is
> patched by all distributions (I do on Debian, it's done on Fedora, etc.)
> Therefore, I intend in the future to let the naming rule configurable (my
> current idea is to forbid only what would badly break the database, and
> have a blacklist / whitelist of characters, maybe with different lists for
> the first character).
> But I have currently no idea when the future will be.
> For your information, the current restrictions on Debian are:
>   ':'  ->  field separator
>   ','  ->  member separator for groups
>   '\n' ->  entry separator
>   ' '  ->  can be confusing for options
>   '\t' ->  likewise
>   '-'  ->  used for NIS as first character
>           can be confusing for command line parsing
>   '+'  ->  used for NIS as first character
>   '~'  ->  used for expansion by shells
> (this was agreed on Debian to have very relaxed rules for useradd, but
> stricter rules in adduser)

Thanks so much for the clarification! We'll keep an eye on changes in 
future versions should the configurable rule feature get added.



Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center

More information about the Pkg-shadow-devel mailing list