[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About valid and invalid user names

On Sun, 2005-02-06 at 12:15 +0100, Marc Haber wrote:
> By default, adduser will verify the user against a configurable
> regexp, default being the most conservative ^[a-z][a-z0-9\-]*$. The
> --force-badname option will change the regexp to a hardcoded
> ^[-\._A-Za-z0-9]*\$?$, allowing users to happily hang themselves. This
> gives the somewhat funny situation that the default can be configured
> to be less restrictive than --force-badname, but I doubt that it would
> be sensible to have --force-badname turn off all checks.

How about adding an additional check to the code path without
--force-badname that checks that the username is a valid POSIX username.
That is, make it check against the configurable regexp only when
--force-badname is not given, and against the hardcoded one in both
occasions. This would avoid the "funny situation" and not break any
POSIX-following tools.

Petri Latvala

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: