[X2Go-Dev] Arguable bug: usernames starting with digits

Norman Gray gray at nxg.name
Wed Oct 25 17:28:54 CEST 2017 

Mihai and all, hello.

On 25 Oct 2017, at 13:08, Mihai Moldovan wrote:

> I'm reluctant to allow all-numeric user names because of the ambiguity 
> and the
> fact that we use the user name later for other stuff (e.g., for 
> executing
> commands as the user account that started the session.) Assuming, that 
> "the
> system libraries will get this stuff right" isn't very comforting in 
> this kind
> of edge case.

I appreciate the nervousness -- my first instinct, also, would be to 
validate the username at some point like this.

However, I think the nervousness and the check are both misplaced.  If 
x2go is being invoked with an all-digits username, then it _must_ be the 
case that the system libraries get this right, because they have 
_already_ got this right.  It's not x2go's responsibility to object to a 
username that the rest of the system thinks is valid.

Indeed, it borders on the impertinent!

This is not an edge case: if x2go is being presented with an all-digits 
username, post-login, then it can reliably deduce that it is working on 
a system where an all-digits username is valid (and, as I mentioned 
earlier, I'm not aware of any current unixes, nor any published 
standard, where such a name isn't actually valid).

The fact that the only relevant standards (POSIX/SingleUnix and the 
Debian links I pointed to) deem all-digits to be a valid username means 
also that, to me, x2go has no ground to object to such a name.

Or, put another way, the idea that all-digits usernames are invalid is a 
superstition.  It's a very widespread superstition (and might 
historically have been true), but a superstition nonetheless.

> Then again, this will likely cause problems with software like systemd 
> and maybe
> other, too (like [commercial] authentication brokers that use LDAP or 
> the like.)

If systemd has a problem with a system-valid username, then that is a 
systemd problem, not the system's problem.

The usernames I'm dealing with are coming from an LDAP server.

> All that said, I'd personally argue that just avoiding such naming 
> schemes
> altogether...

I'm afraid that's out of the question.  The LDAP server that's feeding 
me these usernames is happily feeding them out to hundreds of working 
systems across the campus.  Reporting that 'x2go doesn't like your 
usernames' is going to get 'not a bug' attached to it, as fast as 
someone's mouse-finger can move.

Best wishes,

Norman


-- 
Norman Gray  :  https://nxg.me.uk

More information about the x2go-dev mailing list