From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Description of problem:
In my original version of Shadow it was possible to create users which had
non-alphabetic initial characters for user names. Somewhere prior to the 980403
version this was changed by the then-maintainer, Marek. SVR4, which was the
basis for my writing Shadow, permits the initial character to be non-alphabetic.
Some OSes complain, Solaris being one which says it will complain if the
leading character isn't a letter. The real requirement is that the user name
not be a string of digits which could create ambiguity if the user's names was
"123" and their UID was 456.
useradd and groupadd should scan the entire name to verify that it contains at
least one non-numeric character to avoid the ambiguity problem I mentioned
earlier. The code which does this is "goodname()" in libmisc/chkname.c.
I'm sorry to pester y'all and would have sent this directly to the maintainer,
but I haven't a clue anymore who is maintaining Shadow.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2.Observe the error message.
3.Observe that user "123def" was not created.
Actual Results: It produced an error message and didn't create the user.
The manpages for useradd and groupadd should be updated to say that creating
users and groups with leading non-alphabetic characters is generally a bad idea
and may confuse stupid programs which code parameter processing as
if (isdigit (*name))
pw = getpwuid (atoi (name));
pw = getpwnam (name);
Apropos your severity classification -- this used to work, so it's a request to
fix what the original maintainer broke.
this will create all sorts of problems for other applications that
expect usernames and do independent validation/parsing. While we now
allow dots and mixed case in the newest releases, I think we should
generally follow common computer "identifier" principles and insist
that the first letter be alphabetic.