Bug 78276

Summary: Cannot create users with leading numeric characters
Product: [Retired] Red Hat Linux Reporter: Julie Haugh <jfh>
Component: shadow-utilsAssignee: Eido Inoue <havill>
Status: CLOSED WONTFIX QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-13 14:58:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Julie Haugh 2002-11-20 19:04:35 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
In my original version of Shadow it was possible to create users which had
non-alphabetic initial characters for user names.  Somewhere prior to the 980403
version this was changed by the then-maintainer, Marek.  SVR4, which was the
basis for my writing Shadow, permits the initial character to be non-alphabetic.
 Some OSes complain, Solaris being one which says it will complain if the
leading character isn't a letter.  The real requirement is that the user name
not be a string of digits  which could create ambiguity if the user's names was
"123" and their UID was 456.

useradd and groupadd should scan the entire name to verify that it contains at
least one non-numeric character to avoid the ambiguity problem I mentioned
earlier.  The code which does this is "goodname()" in libmisc/chkname.c.

I'm sorry to pester y'all and would have sent this directly to the maintainer,
but I haven't a clue anymore who is maintaining Shadow.

-- Julie.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.useradd 123def
2.Observe the error message.
3.Observe that user "123def" was not created.
	

Actual Results:  It produced an error message and didn't create the user.

Additional info:

The manpages for useradd and groupadd should be updated to say that creating
users and groups with leading non-alphabetic characters is generally a bad idea
and may confuse stupid programs which code parameter processing as

if (isdigit (*name))
  pw = getpwuid (atoi (name));
else
  pw = getpwnam (name);

Apropos your severity classification -- this used to work, so it's a request to
fix what the original maintainer broke.
Comment 1 Eido Inoue 2004-10-13 14:58:25 UTC 
this will create all sorts of problems for other applications that
expect usernames and do independent validation/parsing. While we now
allow dots and mixed case in the newest releases, I think we should
generally follow common computer "identifier" principles and insist
that the first letter be alphabetic.