Re: About valid and invalid user names
On Sat, 05 Feb 2005, Marc Haber wrote:
> On Sat, 5 Feb 2005 14:47:37 -0200, Henrique de Moraes Holschuh
> <hmh@debian.org> wrote:
> >Because people will use it to enable users with start with a digit, since
> >they certainly don't know better or they would never have asked for this.
>
> Right now, we have users patching the adduser "binary" to allow their
> user names.
They are going a long way to be able to shoot themselves in the foot :(
Maybe an initial digit is valid as long as there are other no-digit
characters in the username? I still am not sure tools will like it.
Still, if it is POSIX, we do it and we fix whatever tools that break, like
it was done to chown.
All-digit usernames are clearly an extremely bad idea, IMHO. Anyone who
needs it better make damn sure they *always* map one-to-one to the same
numerical userid, or they might be creating a huge security hole.
While adduser might enforce the above match for all-numerical usernames, I
am not sure it is a good idea on the long run. If the users ever get
renumbered, kabloom! It is a very bad practice that IMHO we should not be
making any easier.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: