Bug 141273

Summary: system-config-users doesn't allow punctuation
Product: [Fedora] Fedora Reporter: Mike Hawkstarrr <mike.hoxter>
Component: system-config-usersAssignee: Nils Philippsen <nphilipp>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: havill, mattdm, mishu, mitr
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-23 14:57:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Hawkstarrr 2004-11-29 23:19:10 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 
SV1; .NET CLR 1.1.4322)

Description of problem:
I have seen the patch for shadow-utils to fix the punctuation problem 
when entering users in the console, and it worked fine. 
However, for some reason, when trying to add or edit a user whose 
name contains some sort of punctuation (user.name) it bring an error 
and doesn't allow any change to be made, or the new user to be added.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.open gnome useradd program
2.enter user.name
3.click ok
    

Actual Results:  error appears disallowing user because name included 
invalid character

Expected Results:  user should have been entered, without problem.

Additional info:
Comment 1 Eido Inoue 2004-12-01 20:07:42 UTC 
the newest useradd (part of shadow-utils) does allow some punctuation
(underscore, period, dash (but not as the first char), and dollar sign
(only as the last char; use discouraged; for samba interoperability)

e-regex syntax is:

[A-Za-z0-9_.][A-Za-z0-9_.-]{0,15}

(This is what POSIX recommends for user/group names) 

the gnome-useradd (assuming you mean system-config-users) uses a
different validator. changing component.
Comment 2 Mike Hawkstarrr 2004-12-01 22:12:00 UTC 
Maybe an update has been made since the last time I tried using 
system-config-users (it was about 2 months ago), but the validator 
for this program also does not allow a '.' in the name. Has a patch 
been made to fix this problem?
Comment 3 Nils Philippsen 2004-12-03 11:50:56 UTC 
Adrian, the code in s-c-users checks for length <= 32 chars, while your regex
only allows for up to 16 chars. Do you know what actually is the max length for
Linux user names?
Comment 4 Eido Inoue 2004-12-03 20:23:53 UTC 
comment 3: should be length <= sizeof(ut.ut_user)... which is (currently) 16
chars. See bug 56850
Comment 5 Nils Philippsen 2004-12-03 21:46:34 UTC 
Miloslav: I'll hard code 31 chars max for now (which breaks strings
BTW, therefore only in CVS first), then I'll bump this one to you to
implement libuser giving me that info, when you're ready bump it back
to me so I can remove the hardcoded things, ok?
Comment 7 Nils Philippsen 2004-12-06 14:42:45 UTC 
Adrian,

current s-c-users code checks that user/group names don't have a digit as their
first character, probably to avoid things like user "123" having uid "321" ;-).
I guess I'll leave that enforcement in place, it's sensible IMO. What do you think?
Comment 8 Nils Philippsen 2004-12-06 14:45:43 UTC 
Hmm, maybe enforcing one alpha character minimum would be better. Opinions?
Comment 9 Eido Inoue 2004-12-06 17:55:25 UTC 
comment 7,8: i certainly can see where one would want at least one alpha
character or the first character be non-numeric. However, posix is pretty clear
that all numeric user and group names are ok-- and useradd/etc don't seem to
have a problem with number-only user/group names.
Comment 10 Miloslav Trmač 2004-12-06 18:58:54 UTC 
(In reply to comment #9)
> However, posix is pretty clear
> that all numeric user and group names are ok-- and useradd/etc don't seem to
> have a problem with number-only user/group names.
They are nevertheless very impractical --- if the name is all-numeric and
there exists an user/group with that number, the string is interpreted as a
numeric ID, not a string.
This means that things like (chgrp $(id -gn)) stop working. They are not quite
portable, but I wouldn't think of the all-numeric possibility when writing
a script (without participating in this discussion, at least).

I'd suggest at least a warning for all-numeric names. Enforcing a restriction
not enforced by useradd seems to be a recipe for a "remove the restriction"
bug (:
Comment 12 Miloslav Trmač 2004-12-13 21:07:32 UTC 
libuser.UT_NAMESIZE is available from Python since libuser-0.53.1.
Comment 13 Nils Philippsen 2004-12-14 09:51:27 UTC 
This is great. I think I'll still harass the user for choosing all numeric user
names or other stuff ("If you want to shoot yourself in the foot, you can still
use command line tools" ;-).
Comment 14 David Timms 2004-12-18 02:24:59 UTC 
from comment #1:
useradd... does allow some punctuation
(underscore, period, dash (but not as the first char), and dollar sign
(only as the last char; use discouraged; for samba interoperability)

this is correct, a username with a trailing $ can be created, however,
the account cannot be edited in system-config-users (except that a
name change can be forced based on user input, that doesn't allow the
$), nor can an account with trailing $ be created.

As suggested above, a fix for both situations within s-c-u would help
samba interoperability. or should I submit a new bug ...?
Comment 15 Miloslav Trmač 2004-12-18 10:09:13 UTC 
"Samba interoperability" means, as far as I know, machine accounts.
There's not much you can reasonably do with such accounts (considering
the extra data samba stores), maybe except for deleting them.
Comment 16 Matthew Miller 2005-04-26 16:01:22 UTC 
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 17 Nils Philippsen 2005-06-07 13:16:37 UTC 
This problem is still present.
Comment 18 Nils Philippsen 2005-06-10 18:49:21 UTC 
I've fixed this in s-c-users CVS.

Adrian, s-c-users should now behave as useradd/groupadd concerning the validity
of user names/group names -- with one exception: I don't allow a trailing "$" in
group names because AFAIK only user names get abused that way by Samba -- is
that assumption correct?
Comment 19 Eido Inoue 2005-06-10 20:10:49 UTC 
(In reply to comment #18)
> I've fixed this in s-c-users CVS.
> 
> Adrian, s-c-users should now behave as useradd/groupadd concerning the validity
> of user names/group names -- with one exception: I don't allow a trailing "$" in
> group names because AFAIK only user names get abused that way by Samba -- is
> that assumption correct?

Correct, the allowing of the '$' is only for internal Samba user, so s-c-users
need not allow it.
Comment 20 Nils Philippsen 2005-09-23 14:57:29 UTC 
Fixed in system-config-users-1.2.39-1.
Comment 21 Fedora Update System 2005-09-23 15:43:11 UTC 
From User-Agent: XML-RPC

system-config-users-1.2.39-0.fc4.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 22 Fedora Update System 2005-09-29 16:17:22 UTC 
From User-Agent: XML-RPC

system-config-users-1.2.39-0.fc4.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.