Mihai and all, hello.
On 25 Oct 2017, at 13:08, Mihai Moldovan wrote:
I'm reluctant to allow all-numeric user names because of the ambiguity and the fact that we use the user name later for other stuff (e.g., for executing commands as the user account that started the session.) Assuming, that "the system libraries will get this stuff right" isn't very comforting in this kind of edge case.
I appreciate the nervousness -- my first instinct, also, would be to validate the username at some point like this.
However, I think the nervousness and the check are both misplaced. If x2go is being invoked with an all-digits username, then it _must_ be the case that the system libraries get this right, because they have _already_ got this right. It's not x2go's responsibility to object to a username that the rest of the system thinks is valid.
Indeed, it borders on the impertinent!
This is not an edge case: if x2go is being presented with an all-digits username, post-login, then it can reliably deduce that it is working on a system where an all-digits username is valid (and, as I mentioned earlier, I'm not aware of any current unixes, nor any published standard, where such a name isn't actually valid).
The fact that the only relevant standards (POSIX/SingleUnix and the Debian links I pointed to) deem all-digits to be a valid username means also that, to me, x2go has no ground to object to such a name.
Or, put another way, the idea that all-digits usernames are invalid is a superstition. It's a very widespread superstition (and might historically have been true), but a superstition nonetheless.
Then again, this will likely cause problems with software like systemd and maybe other, too (like [commercial] authentication brokers that use LDAP or the like.)
If systemd has a problem with a system-valid username, then that is a systemd problem, not the system's problem.
The usernames I'm dealing with are coming from an LDAP server.
All that said, I'd personally argue that just avoiding such naming schemes altogether...
I'm afraid that's out of the question. The LDAP server that's feeding me these usernames is happily feeding them out to hundreds of working systems across the campus. Reporting that 'x2go doesn't like your usernames' is going to get 'not a bug' attached to it, as fast as someone's mouse-finger can move.
Best wishes,
Norman
-- Norman Gray : https://nxg.me.uk