[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About valid and invalid user names

On Sat, 05 Feb 2005, Marc Haber wrote:
> On Sat, 5 Feb 2005 14:47:37 -0200, Henrique de Moraes Holschuh
> <hmh@debian.org> wrote:
> >Because people will use it to enable users with start with a digit, since
> >they certainly don't know better or they would never have asked for this.
> Right now, we have users patching the adduser "binary" to allow their
> user names.

They are going a long way to be able to shoot themselves in the foot :(

Maybe an initial digit is valid as long as there are other no-digit
characters in the username?  I still am not sure tools will like it.
Still, if it is POSIX, we do it and we fix whatever tools that break, like
it was done to chown.

All-digit usernames are clearly an extremely bad idea, IMHO.  Anyone who
needs it better make damn sure they *always* map one-to-one to the same
numerical userid, or they might be creating a huge security hole.

While adduser might enforce the above match for all-numerical usernames, I
am not sure it is a good idea on the long run.  If the users ever get
renumbered, kabloom!  It is a very bad practice that IMHO we should not be
making any easier.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: