Bug 78276 - Cannot create users with leading numeric characters
Summary: Cannot create users with leading numeric characters
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Eido Inoue
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2002-11-20 19:04 UTC by Julie Haugh
Modified: 2007-04-18 16:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-10-13 14:58:25 UTC

Attachments (Terms of Use)

Description Julie Haugh 2002-11-20 19:04:35 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
In my original version of Shadow it was possible to create users which had
non-alphabetic initial characters for user names.  Somewhere prior to the 980403
version this was changed by the then-maintainer, Marek.  SVR4, which was the
basis for my writing Shadow, permits the initial character to be non-alphabetic.
 Some OSes complain, Solaris being one which says it will complain if the
leading character isn't a letter.  The real requirement is that the user name
not be a string of digits  which could create ambiguity if the user's names was
"123" and their UID was 456.

useradd and groupadd should scan the entire name to verify that it contains at
least one non-numeric character to avoid the ambiguity problem I mentioned
earlier.  The code which does this is "goodname()" in libmisc/chkname.c.

I'm sorry to pester y'all and would have sent this directly to the maintainer,
but I haven't a clue anymore who is maintaining Shadow.

-- Julie.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.useradd 123def
2.Observe the error message.
3.Observe that user "123def" was not created.

Actual Results:  It produced an error message and didn't create the user.

Additional info:

The manpages for useradd and groupadd should be updated to say that creating
users and groups with leading non-alphabetic characters is generally a bad idea
and may confuse stupid programs which code parameter processing as

if (isdigit (*name))
  pw = getpwuid (atoi (name));
  pw = getpwnam (name);

Apropos your severity classification -- this used to work, so it's a request to
fix what the original maintainer broke.

Comment 1 Eido Inoue 2004-10-13 14:58:25 UTC
this will create all sorts of problems for other applications that
expect usernames and do independent validation/parsing. While we now
allow dots and mixed case in the newest releases, I think we should
generally follow common computer "identifier" principles and insist
that the first letter be alphabetic.

Note You need to log in before you can comment on or make changes to this bug.