Description of problem:
GECOS field accepting wrong format

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-34.el6.x86_64 and ipa-server-3.3.1-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
[root@server65 ~]# ipa user-add gecosuser
First name: gecosuser
Last name: gecosuser
----------------------
Added user "gecosuser"
----------------------
  User login: gecosuser
  First name: gecosuser
  Last name: gecosuser
  Full name: gecosuser gecosuser
  Display name: gecosuser gecosuser
  Initials: gg
  Home directory: /home/gecosuser
  GECOS field: gecosuser gecosuser <----------------------------
  Login shell: /bin/sh
  Kerberos principal: gecosuser
  Email address: gecosuser
  UID: 1804400085
  GID: 1804400085
  Password: False
  Kerberos keys available: False

[root@server65 ~]# ipa user-mod gecosuser --gecos="wrong format,Redhat"
-------------------------
Modified user "gecosuser"
-------------------------
  User login: gecosuser
  First name: gecosuser
  Last name: gecosuser
  Home directory: /home/gecosuser
  GECOS field: wrong format,Redhat <---------------------------
  Login shell: /bin/sh
  Email address: gecosuser
  UID: 1804400085
  GID: 1804400085
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

Expected results:
It should show an error message

Additional info:
http://en.wikipedia.org/wiki/Gecos_field

We have no validator in place on GECOS field, i.e. you can set it to anything you want. But speaking of "wrong format,Redhat", is it really wrong? Wiki says it can be a comma-delimited list. E.g.:

# ipa user-add --first=Foo --last=Bar fbar1 --gecos "Foo Bar, Red Hat"
------------------
Added user "fbar1"
------------------
  User login: fbar1
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/fbar1
  GECOS: Foo Bar, Red Hat
  Login shell: /bin/sh
  Kerberos principal: fbar1.BOS.REDHAT.COM
  Email address: fbar1.bos.redhat.com
  UID: 470000063
  GID: 470000063
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

# getent passwd fbar1
fbar1:*:470000063:470000063:Foo Bar, Red Hat:/home/fbar1:/bin/sh

... looks OK to me. What seems more troubling to me is this case:

# ipa user-add --first=Foo --last=Bar fbar2 --gecos "Foo Bar:Red Hat"
------------------
Added user "fbar2"
------------------
  User login: fbar2
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/fbar2
  GECOS: Foo Bar:Red Hat
  Login shell: /bin/sh
  Kerberos principal: fbar2.BOS.REDHAT.COM
  Email address: fbar2.bos.redhat.com
  UID: 470000064
  GID: 470000064
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

# getent passwd fbar2
fbar2:*:470000064:470000064:Foo Bar:Red Hat:/home/fbar2:/bin/sh

Wouldn't it break some programs reading passwd? Jakub, what do you think about this?

(In reply to Martin Kosek from comment #2)
> We have no validator in place on GECOS field, i.e. you can set it to
> anything you want. But speaking of "wrong format,Redhat", is it really
> wrong? Wiki says it can be a comma-delimited list. E.g.:
>

Right, but I've never seen GECOS used as a CSV list. Typically only the real name is present in GECOS.

<snip>

> # getent passwd fbar2
> fbar2:*:470000064:470000064:Foo Bar:Red Hat:/home/fbar2:/bin/sh
>
> Wouldn't it break some programs reading passwd? Jakub, what do you think
> about this?

I would expect *programs* to use an API like getpwnam() to retrieve this information. Shell scripts might break here, yes. But then I'd say it's the fault of the admin. I would expect you can set the colon in the homedir or shell as well.

Ok. Seeing this discussion, I think we can treat "gecos" field validation in the same way as general user "cn" attribute validation - i.e. no validation at all, let admin set it to chosen value. Closing as NOTABUG. Please reopen if this is a wrong approach.
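
The fbar2 case from the comments above, as an added example that is not part of the original bug report or of FreeIPA's code: it shows what a script that splits a passwd line on ':' by position reads for the home directory and shell, next to a strict parser that rejects the record and a pre-check an admin could run on a GECOS value before setting it. The function names are hypothetical; the two sample lines are the getent output quoted in the thread.

```python
# Added illustration; function names are hypothetical, not FreeIPA's API.
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

# getent output quoted in the comments above.
FBAR1 = "fbar1:*:470000063:470000063:Foo Bar, Red Hat:/home/fbar1:/bin/sh"
FBAR2 = "fbar2:*:470000064:470000064:Foo Bar:Red Hat:/home/fbar2:/bin/sh"


def gecos_problems(value):
    """Return the reasons a GECOS value would corrupt a passwd(5) record."""
    problems = []
    if ":" in value:
        problems.append("contains ':' (passwd field separator)")
    if "\n" in value or "\r" in value:
        problems.append("contains a line break (passwd record separator)")
    return problems


def split_positionally(line):
    """Mimic `cut -d:` / `awk -F:`: take fields by position, ignore extras."""
    return dict(zip(PASSWD_FIELDS, line.rstrip("\n").split(":")))


def parse_strict(line):
    """Parse one passwd line, refusing records without exactly 7 fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(PASSWD_FIELDS):
        raise ValueError(f"expected {len(PASSWD_FIELDS)} fields, got {len(parts)}")
    return dict(zip(PASSWD_FIELDS, parts))


if __name__ == "__main__":
    for gecos in ("Foo Bar, Red Hat", "Foo Bar:Red Hat"):
        print(repr(gecos), "->", gecos_problems(gecos) or "ok")
    shifted = split_positionally(FBAR2)
    print("positional home/shell:", shifted["home"], shifted["shell"])
    try:
        parse_strict(FBAR2)
    except ValueError as exc:
        print("strict parser:", exc)
```

With the colon in GECOS, every field after it shifts by one, so a positional reader takes "Red Hat" as the home directory and "/home/fbar2" as the shell, while the comma-delimited value parses cleanly.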