[Pkg-shadow-devel] Musings about Usernames in adduser and Debian

Iustin Pop iustin at debian.org
Thu Nov 21 22:26:48 GMT 2024 

On 2024-11-21 18:45:06, Marc Haber wrote:
> [writing this with my adduser hat on. I am also in touch with the
> maintainers of src:shadow and base-passwd]
> 
> Hi,
> 
> recently, I have "taken over" the wiki page about UserAccounts and have
> put in some history and general thoughts about what Debian thinks about
> user names and name restrictions.
> 
> https://wiki.debian.org/UserAccounts
> 
> I fear that I have opened an especially nasty can of worms by beginning
> to do sanity checks in adduser and being pointed towards user name
> encoding in that process. Can you help me to bring some sense into this
> mess?
> 
> I would like to hear your comments. Feel free to directly apply
> corrections to the wiki page. I am especially interested in having clear
> terminology regarding unicode codepoints, UTF-8, character strings and
> byte strings.  It is vitally important to be consistent her to avoid
> making the mess even worse.
> 
> For adduser's next release, I would like to discuss the following
> things:
> 
> (1)
> Should Debian allow UTF-8 user names in the first place or should we
> restrict names for regular users to some us-ascii near set as well? (I
> think yes, we should)

You weren't clear to which part you agreed. If by "we should" you meant
the closest option, i.e. restrict, then I agree as well.

As Richard also replied, full UTF-8 is tricky, and I think it's somewhat
misplaced to focus on the username, as opposed to gecos. Aren't most
other OSes using the "full name" as the "display name", and the username
is mostly one part of the user/password combination, but not a display
property most of the time?

So I would suggest that maybe the better option is to standardise the
gecos format/gecos parsing, so migrate UI tools to use that more often.

On the other hand, as long as this is admin-controlled, it doesn't
matter much. I could see that viewpoint, but I wonder how much latent
breakage would be introduced that will take years to fix in all tooling
and all packages.

regards,
iustin

More information about the Pkg-shadow-devel mailing list