[X2Go-Dev] Arguable bug: usernames starting with digits
Norman Gray
gray at nxg.name
Wed Oct 25 17:28:54 CEST 2017
Mihai and all, hello.
On 25 Oct 2017, at 13:08, Mihai Moldovan wrote:
> I'm reluctant to allow all-numeric user names because of the ambiguity
> and the
> fact that we use the user name later for other stuff (e.g., for
> executing
> commands as the user account that started the session.) Assuming, that
> "the
> system libraries will get this stuff right" isn't very comforting in
> this kind
> of edge case.
I appreciate the nervousness -- my first instinct, also, would be to
validate the username at some point like this.
However, I think the nervousness and the check are both misplaced. If
x2go is being invoked with an all-digits username, then it _must_ be the
case that the system libraries get this right, because they have
_already_ got this right. It's not x2go's responsibility to object to a
username that the rest of the system thinks is valid.
Indeed, it borders on the impertinent!
This is not an edge case: if x2go is being presented with an all-digits
username, post-login, then it can reliably deduce that it is working on
a system where an all-digits username is valid (and, as I mentioned
earlier, I'm not aware of any current unixes, nor any published
standard, where such a name isn't actually valid).
The fact that the only relevant standards (POSIX/SingleUnix and the
Debian links I pointed to) deem all-digits to be a valid username means
also that, to me, x2go has no ground to object to such a name.
Or, put another way, the idea that all-digits usernames are invalid is a
superstition. It's a very widespread superstition (and might
historically have been true), but a superstition nonetheless.
> Then again, this will likely cause problems with software like systemd
> and maybe
> other, too (like [commercial] authentication brokers that use LDAP or
> the like.)
If systemd has a problem with a system-valid username, then that is a
systemd problem, not the system's problem.
The usernames I'm dealing with are coming from an LDAP server.
> All that said, I'd personally argue that just avoiding such naming
> schemes
> altogether...
I'm afraid that's out of the question. The LDAP server that's feeding
me these usernames is happily feeding them out to hundreds of working
systems across the campus. Reporting that 'x2go doesn't like your
usernames' is going to get 'not a bug' attached to it, as fast as
someone's mouse-finger can move.
Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk
More information about the x2go-dev
mailing list