Red Hat Bugzilla – Bug 448408
Incorrect test for invalid group/user names
Last modified: 2008-06-03 08:11:38 EDT
Description of problem:
The regexp used in "group" to test whether a group name is valid, and in
"passwd" to test whether a user name is valid, is incorrect. The correct test
(used uniformly in Fedora packages such as libuser and shadow) is:
* total length <= UT_NAMESIZE - 1
* allowed characters are [a-zA-Z0-9], '.', '_', '-'
* first character is not a hyphen
* in addition to the other allowed characters, the last character may be a '$'.
Version-Release number of selected component (if applicable):
Thanks for the report. Fixed in commits
I watched chkname.c in shadow-utils and I found that even upper-case letters are
not allowed, so the regex, with which I test it now, is '^[a-z_][a-z0-9_-]*[$]?$'
Please check shadow-4.1.2-goodname.patch, which is used in our packages. The
rules used by the patch are those I posted above.
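The four rules listed in the description, written out as a check and compared against the lower-case-only regex quoted above. This is an added example, not code from the bug report or from the packages it discusses; `UT_NAMESIZE` is taken as 32 (glibc's value on Linux), and `check_name`, `regex_accepts`, `disagreements` and the sample names are constructed for illustration.

```python
import re
import string

# Assumption: UT_NAMESIZE is 32, the value glibc's <utmp.h> defines on Linux.
UT_NAMESIZE = 32
ALLOWED = set(string.ascii_letters + string.digits + "._-")

# The lower-case-only regex quoted in the thread above.
LOWERCASE_REGEX = re.compile(r"^[a-z_][a-z0-9_-]*[$]?$")

# Constructed sample names, not taken from the bug report.
SAMPLES = ["alice", "Alice", "john.doe", "9lives", "workstation$",
           "-rf", "pay$roll", "bad name", "a" * 31, "a" * 32]


def check_name(name):
    """Return None if name satisfies the four listed rules, else the reason."""
    if not name:
        return "empty name"  # added here; the listed rules do not mention it
    if len(name) > UT_NAMESIZE - 1:
        return "longer than %d characters" % (UT_NAMESIZE - 1)
    if name[0] == "-":
        return "first character is a hyphen"
    last = len(name) - 1
    for i, ch in enumerate(name):
        if ch in ALLOWED or (ch == "$" and i == last):
            continue
        return "character %r not allowed at position %d" % (ch, i)
    return None


def regex_accepts(name):
    # fullmatch, because in Python's re a bare `$` also matches just before
    # a trailing newline, which would let "root\n" through with match().
    return LOWERCASE_REGEX.fullmatch(name) is not None


def disagreements(names=SAMPLES):
    """Names on which the listed rules and the regex give different verdicts."""
    return [n for n in names if (check_name(n) is None) != regex_accepts(n)]


if __name__ == "__main__":
    for n in SAMPLES:
        print("%-34r rules=%-5s regex=%s" % (n, check_name(n) is None, regex_accepts(n)))
    print("disagree:", disagreements())
```

The names on which the two checks disagree are the ones with upper-case letters, dots or a leading digit, plus the 32-character name, which the regex accepts because it carries no length limit.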
OK, I used the regex from the shadow goodname patch, so now it is
'^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$'. (I don't test the length in
the regex, but in another condition to give the user a better error message about the