[X2Go-Dev] Arguable bug: usernames starting with digits
Norman Gray
gray at nxg.name
Tue Oct 24 23:48:10 CEST 2017
Uli (and all), hello.
On 24 Oct 2017, at 21:54, Ulrich Sibiller wrote:
> Iirc systemd refused usernames starting with a number. There was a
> huge discussion in the systemd bugtracker but I don't remember the
> outcome anymore.
Thanks for the pointer.
There seem to have been two intermixed discussions there, first about
whether '0day' was a valid username, and secondly about systemd's
behaviour when it encountered such a username.
Early in the discussion, 'poettering' asserts that '"0day" is not a
valid username' and 'the username is clearly not valid', without
pointing to any justification for either assertion. Neither assertion
is supported by the POSIX/SingleUnix or Debian sources I mentioned
earlier. In other words, I think poettering is simply wrong to assert
that such a username is generally invalid.
Other participants in that discussion pointed to the Single Unix spec
(which permits all-digit usernames), and to a passage in the GNU
Coreutils manual
<https://www.gnu.org/software/coreutils/manual/coreutils.html#Disambiguating-names-and-IDs>
which explicitly acknowledges that an all-digits username is legitimate,
and describes how the coreutils resolve the ambiguity.
It may be that _some_ unixes deem a username which starts with a digit
to be invalid, but it's clearly not universal. I'm not aware of any
current unix where this is the case.
Note that (if I recall correctly) some unixes will work fine with an
all-digits username, but the standard tool will not allow you to create
such usernames (this might be true of Debian?).
> Part of the problem is that commands accept both usernames and userid
> as parameters and there must be some clear way to distinguish those two.
The coreutils manual attempts to match a string as a username (even if
all digits) and as a numeric uid only if that fails. It says that
'POSIX requires [this]', but doesn't point to where (I couldn't find
that requirement myself).
Now, in the case of the example there, a user_name_ of '42' really is
asking/begging for trouble, but that library goes out of its way to
process that as a valid username.
Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk
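
The name-first, uid-second resolution order discussed in the message above, as an added example that is not part of the original message and is not coreutils code. `resolve_user`, `sample_lookup` and the account table are hypothetical names with constructed data; the leading `+` that forces a numeric ID is the convention from the coreutils manual section linked above.

```python
import pwd
from typing import Callable, Optional

# Constructed sample account database (name -> uid), for illustration only.
SAMPLE_PASSWD = {"root": 0, "norman": 1000, "0day": 1001, "42": 1002}


def sample_lookup(name: str) -> Optional[int]:
    """Offline stand-in for the account database."""
    return SAMPLE_PASSWD.get(name)


def system_lookup(name: str) -> Optional[int]:
    """Look the name up in the real account database."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def _is_decimal(text: str) -> bool:
    # ASCII digits only: str.isdigit() alone also accepts other Unicode digits.
    return text.isascii() and text.isdigit()


def resolve_user(spec: str,
                 lookup: Callable[[str], Optional[int]] = system_lookup) -> int:
    """Resolve a user argument to a uid: account name first, number second.

    A leading '+' skips the name lookup and forces a numeric uid.
    A string that is neither a known name nor all digits is rejected;
    it is never partially parsed as a number.
    """
    if spec.startswith("+"):
        if not _is_decimal(spec[1:]):
            raise ValueError(f"invalid numeric uid: {spec!r}")
        return int(spec[1:])
    uid = lookup(spec)
    if uid is not None:
        return uid              # an all-digit *name* wins over the number
    if _is_decimal(spec):
        return int(spec)        # no such account name: treat as a uid
    raise ValueError(f"invalid user: {spec!r}")


if __name__ == "__main__":
    for arg in ("42", "+42", "1000", "0day"):
        print(arg, "->", resolve_user(arg, sample_lookup))
```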