Goal: Relaxed usernames/groupnames checking patch.

Status wrt upstream: Debian specific. Not to be used upstream
The documentation of the username length restriction
was added upstream

Details:
Allows any non-empty user/groupnames that don't contain ':' and '\n'
characters and don't start with '-'. This patch is more restrictive
than original Karl's version. closes: #264879
Also closes: #377844

Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):

I can't come up with a good justification as to why characters other
than ':'s and '\0's should be disallowed in group and usernames (other
than '-' as the leading character). Thus, the maintenance tools don't
anymore. closes: #79682, #166798, #171179

Index: shadow-4.1.0/libmisc/chkname.c
===================================================================
--- shadow-4.1.0.orig/libmisc/chkname.c
+++ shadow-4.1.0/libmisc/chkname.c
@@ -17,6 +17,7 @@
#endif
static int good_name (const char *name)
{
+#if 0
/*
* User/group names must match [a-z_][a-z0-9_-]*[$]
*/
@@ -30,6 +31,20 @@
(*name == '$' && *(name + 1) == '\0')))
return 0;
}
+#endif
+ /*
+ * POSIX indicate that usernames are composed of characters from the
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
+ * should not be used as the first character of a portable user name.
+ *
+ * Allow more relaxed user/group names in Debian -- ^[^-:\s][^:\s]*$
+ */
+ if (!*name || isspace(*name))
+ return 0;
+ do
+ if (*name == ':' || isspace(*name))
+ return 0;
+ while (*++name);
|
return 1;
}
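Review bot: The new check in good_name() never rejects a leading '-', although the patch description, the regex in the added comment (^[^-:\s][^:\s]*$) and the man page text all say such names are refused; "if (!*name || isspace(*name))" only catches the empty name and leading whitespace. A name that begins with '-' can be read as an option by any tool that later receives it as an argument, so the first test should also compare *name against '-'. Separately, isspace() is called on a plain char in both tests; cast to unsigned char so bytes above 0x7f are not passed as negative values, and confirm <ctype.h> is included, since the hunk does not show it.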
Index: shadow-4.1.0/man/useradd.8.xml
===================================================================
--- shadow-4.1.0.orig/man/useradd.8.xml
+++ shadow-4.1.0/man/useradd.8.xml
@@ -195,6 +195,7 @@
default is to not create the directory and to not copy any
files.
</para>
+ <para>This option may not function correctly if the username has a / in it.</para>
</listitem>
</varlistentry>
<varlistentry>
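Review bot: The added <para> says only that the option "may not function correctly" when the username has a '/' in it, which does not tell the administrator what actually happens. Since good_name() in this patch accepts '/', either describe the concrete behaviour for the home directory handling this entry documents, or reject '/' in good_name() so the caveat is not needed at all.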
@@ -372,9 +373,15 @@
</para>
|
<para>
- Usernames must begin with a lower case letter or an underscore, and
- only lower case letters, underscores, dashes, and dollar signs may
- follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ It is usually recommended to only use usernames that begin with
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
</para>
</refsect1>
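Review bot: "the only constraints" in the added Debian paragraph overstates what is allowed: the hunk at -195 of this same file warns that a '/' in the username can break an option, and the patch header mentions a username length restriction. Reword the paragraph to say which characters the name check rejects and point to those caveats; "a whitespace" should read "whitespace".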
|
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-08-15 09:07:37.033120372 -0300
+++ shadow-4.1.1/man/groupadd.8.xml 2008-08-15 09:10:24.961112507 -0300
@@ -170,9 +170,15 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
- Groupnames must begin with a lower case letter or an underscore,
- and only lower case letters, underscores, dashes, and dollar signs
- may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ It is usually recommended to only use usernames that begin with
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
</para>
<para>
Groupnames may only be up to 16 characters long.
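Review bot: The added lines in groupadd.8.xml say "usernames" twice ("only use usernames that begin with" and "usernames must neither start") where the removed text said "Groupnames"; the paragraphs look copied from useradd.8.xml and should read "groupnames". "The only constraints" is also contradicted a few lines later by the unchanged "Groupnames may only be up to 16 characters long.", so the Debian paragraph should mention that the length limit still applies.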