summaryrefslogtreecommitdiffstats
path: root/debian/patches/506_relaxed_usernames
blob: 8eb1792ba0664f10f4a5c7de786024c1a4c9eab8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Goal: Relaxed usernames/groupnames checking patch.

Status wrt upstream: Debian specific. Not to be used upstream

Details:
 Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
 characters and don't start with '-', '+', or '~'. This patch is more
 restrictive than original Karl's version. closes: #264879
 Also closes: #377844
 
 Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
 
 I can't come up with a good justification as to why characters other
 than ':'s and '\0's should be disallowed in group and usernames (other
 than '-' as the leading character).  Thus, the maintenance tools don't
 anymore.  closes: #79682, #166798, #171179

--- a/libmisc/chkname.c
+++ b/libmisc/chkname.c
@@ -54,6 +54,7 @@
 		return true;
 	}
 
+#if 0
 	/*
 	 * User/group names must match [a-z_][a-z0-9_-]*[$]
 	 */
@@ -73,6 +74,26 @@
 			return false;
 		}
 	}
+#endif
+	/*
+	 * POSIX indicate that usernames are composed of characters from the
+	 * portable filename character set [A-Za-z0-9._-], and that the hyphen
+	 * should not be used as the first character of a portable user name.
+	 *
+	 * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
+	 */
+	if (   ('\0' == *name)
+	    || ('-'  == *name)
+	    || ('~'  == *name)
+	    || ('+'  == *name)) {
+		return false;
+	}
+	do {
+		if ((':' == *name) || (',' == *name) || isspace(*name)) {
+			return false;
+		}
+		name++;
+	} while ('\0' != *name);
 
 	return true;
 }
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -662,12 +662,20 @@
     </para>
 
     <para>
-      Usernames must start with a lower case letter or an underscore,
+      It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
       followed by lower case letters, digits, underscores, or dashes.
       They can end with a dollar sign.
       In regular expression terms: [a-z_][a-z0-9_-]*[$]?
     </para>
     <para>
+      On Debian, the only constraints are that usernames must neither start
+      with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
+      colon (':'), a comma (','), or a whitespace (space: ' ',
+      end of line: '\n', tabulation: '\t', etc.). Note that using a slash
+      ('/') may break the default algorithm for the definition of the
+      user's home directory.
+    </para>
+    <para>
       Usernames may only be up to 32 characters long.
     </para>
   </refsect1>
--- a/man/groupadd.8.xml
+++ b/man/groupadd.8.xml
@@ -273,12 +273,18 @@
    <refsect1 id='caveats'>
      <title>CAVEATS</title>
      <para>
-       Groupnames must start with a lower case letter or an underscore,
+       It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
        followed by lower case letters, digits, underscores, or dashes.
        They can end with a dollar sign.
        In regular expression terms: [a-z_][a-z0-9_-]*[$]?
      </para>
      <para>
+       On Debian, the only constraints are that groupnames must neither start
+       with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
+       colon (':'), a comma (','), or a whitespace (space:' ',
+       end of line: '\n', tabulation: '\t', etc.).
+     </para>
+     <para>
        Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
      </para>
      <para>