summaryrefslogtreecommitdiffstats
path: root/docs/USER_NAMES.md
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs/USER_NAMES.md91
1 files changed, 42 insertions, 49 deletions
diff --git a/docs/USER_NAMES.md b/docs/USER_NAMES.md
index 74c24b5..fe0ca7f 100644
--- a/docs/USER_NAMES.md
+++ b/docs/USER_NAMES.md
@@ -7,49 +7,45 @@ SPDX-License-Identifier: LGPL-2.1-or-later
# User/Group Name Syntax
-The precise set of allowed user and group names on Linux systems is weakly
-defined. Depending on the distribution a different set of requirements and
+The precise set of allowed user and group names on Linux systems is weakly defined.
+Depending on the distribution a different set of requirements and
restrictions on the syntax of user/group names are enforced — on some
-distributions the accepted syntax is even configurable by the administrator. In
-the interest of interoperability systemd enforces different rules when
+distributions the accepted syntax is even configurable by the administrator.
+In the interest of interoperability systemd enforces different rules when
processing users/group defined by other subsystems and when defining users/groups
-itself, following the principle of "Be conservative in what you send, be
-liberal in what you accept". Also in the interest of interoperability systemd
-will enforce the same rules everywhere and not make them configurable or
-distribution dependent. The precise rules are described below.
+itself, following the principle of "Be conservative in what you send, be liberal in what you accept".
+Also in the interest of interoperability systemd will enforce the same rules everywhere and not make them configurable or distribution dependent.
+The precise rules are described below.
Generally, the same rules apply for user as for group names.
## Other Systems
-* On POSIX the set of [valid user
- names](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437)
- is defined as [lower and upper case ASCII letters, digits, period,
- underscore, and
- hyphen](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282),
- with the restriction that hyphen is not allowed as first character of the
- user name. Interestingly no size limit is declared, i.e. in neither
+* On POSIX the set of
+ [valid user names](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437)
+ is defined as
+ [lower and upper case ASCII letters, digits, period, underscore, and hyphen](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282),
+ with the restriction that hyphen is not allowed as first character of the user name.
+ Interestingly no size limit is declared, i.e. in neither
direction, meaning that strictly speaking, according to POSIX, both the empty
string is a valid user name as well as a string of gigabytes in length.
-* Debian/Ubuntu based systems enforce the regular expression
- `^[a-z][-a-z0-9]*$`, i.e. only lower case ASCII letters, digits and
- hyphens. As first character only lowercase ASCII letters are allowed. This
- regular expression is configurable by the administrator at runtime
- though. This rule enforces a minimum length of one character but no maximum
- length.
+* Debian/Ubuntu based systems enforce the regular expression `^[a-z][-a-z0-9]*$`, i.e.
+ only lower case ASCII letters, digits and hyphens.
+ As first character only lowercase ASCII letters are allowed.
+ This regular expression is configurable by the administrator at runtime though.
+ This rule enforces a minimum length of one character but no maximum length.
* Upstream shadow-utils enforces the regular expression
- `^[a-z_][a-z0-9_-]*[$]$`, i.e. is similar to the Debian/Ubuntu rule, but
- allows underscores and hyphens, but the latter not as first character. Also,
- an optional trailing dollar character is permitted.
+ `^[a-z_][a-z0-9_-]*[$]$`, i.e.is similar to the Debian/Ubuntu rule,
+ but allows underscores and hyphens, but the latter not as first character.
+ Also, an optional trailing dollar character is permitted.
* Fedora/Red Hat based systems enforce the regular expression of
`^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?$`, i.e. a size limit of
- 32 characters, with upper and lower case letters, digits, underscores,
- hyphens and periods. No hyphen as first character though, and the last
- character may be a dollar character. On top of that, `.` and `..` are not
- allowed as user/group names.
+ 32 characters, with upper and lower case letters, digits, underscores, hyphens and periods.
+ No hyphen as first character though, and the last character may be a dollar character.
+ On top of that, `.` and `..` are not allowed as user/group names.
* sssd is known to generate user names with embedded `@` and white-space
characters, as well as non-ASCII (i.e. UTF-8) user/group names.
@@ -58,16 +54,15 @@ Generally, the same rules apply for user as for group names.
white-space characters, as well as non-ASCII (i.e. UTF-8) user/group names.
Other operating systems enforce different rules; in this documentation we'll
-focus on Linux systems only however, hence those are out of scope. That said,
-software like Samba is frequently deployed on Linux for providing compatibility
+focus on Linux systems only however, hence those are out of scope.
+That said, software like Samba is frequently deployed on Linux for providing compatibility
with Windows systems; on such systems it might be wise to stick to user/group
names also valid according to Windows rules.
## Rules systemd enforces
-Distilled from the above, below are the rules systemd enforces on user/group
-names. An additional, common rule between both modes listed below is that empty
-strings are not valid user/group names.
+Distilled from the above, below are the rules systemd enforces on user/group names.
+An additional, common rule between both modes listed below is that empty strings are not valid user/group names.
Philosophically, the strict mode described below enforces an allow list of
what's allowed and prohibits everything else, while the relaxed mode described
@@ -83,18 +78,17 @@ or a regular user with
[`systemd-homed.service`](https://www.freedesktop.org/software/systemd/man/systemd-homed.html).
In strict mode, only uppercase and lowercase characters are allowed, as well as
-digits, underscores and hyphens. The first character may not be a digit or
-hyphen. A size limit is enforced: the minimum of `sysconf(_SC_LOGIN_NAME_MAX)`
+digits, underscores and hyphens.
+The first character may not be a digit or hyphen. A size limit is enforced: the minimum of `sysconf(_SC_LOGIN_NAME_MAX)`
(typically 256 on Linux; rationale: this is how POSIX suggests to detect the
limit), `UT_NAMESIZE-1` (typically 31 on Linux; rationale: names longer than
this cannot correctly appear in `utmp`/`wtmp` and create ambiguity with login
accounting) and `NAME_MAX` (255 on Linux; rationale: user names typically
-appear in directory names, i.e. the home directory), thus MIN(256, 31, 255) =
-31.
+appear in directory names, i.e. the home directory), thus MIN(256, 31, 255) = 31.
Note that these rules are both more strict and more relaxed than all of the
-rules enforced by other systems listed above. A user/group name conforming to
-systemd's strict rules will not necessarily pass a test by the rules enforced
+rules enforced by other systems listed above.
+A user/group name conforming to systemd's strict rules will not necessarily pass a test by the rules enforced
by these other subsystems.
Written as regular expression the above is: `^[a-zA-Z_][a-zA-Z0-9_-]{0,30}$`
@@ -107,8 +101,8 @@ components of the system, for example in
[`systemd-logind.service`](https://www.freedesktop.org/software/systemd/man/systemd-logind.html).
Relaxed syntax is also enforced by the `User=` setting in service unit files,
-i.e. for system services used for running services. Since these users may be
-registered by a variety of tools relaxed mode is used, but since the primary
+i.e. for system services used for running services.
+Since these users may be registered by a variety of tools relaxed mode is used, but since the primary
purpose of these users is to run a system service and thus a job for systemd a
warning is shown if the specified user name does not qualify by the strict
rules above.
@@ -150,16 +144,15 @@ Note that these relaxed rules are implied by the strict rules above, i.e. all
user/group names accepted by the strict rules are also accepted by the relaxed
rules, but not vice versa.
-Note that this relaxed mode does not refuse a couple of very questionable
-syntaxes. For example, it permits a leading or embedded period. A leading period
-is problematic because the matching home directory would typically be hidden
-from the user's/administrator's view. An embedded period is problematic since
-it creates ambiguity in traditional `chown` syntax (which is still accepted
+Note that this relaxed mode does not refuse a couple of very questionable syntaxes.
+For example, it permits a leading or embedded period.
+A leading period is problematic because the matching home directory would typically be hidden
+from the user's/administrator's view.
+An embedded period is problematic since it creates ambiguity in traditional `chown` syntax (which is still accepted
today) that uses it to separate user and group names in the command's
parameter: without consulting the user/group databases it is not possible to
-determine if a `chown` invocation would change just the owning user or both the
-owning user and group. It also allows embedding `@` (which is confusing to
-MTAs).
+determine if a `chown` invocation would change just the owning user or both the owning user and group.
+It also allows embedding `@` (which is confusing to MTAs).
## Common Core