<guil...@debian.org> Bcc: Subject: Re: Bug#521883: adduser: Please accept underscore prefixed system names Reply-To: In-Reply-To: <20161023135257.qdgedfnzd2q2w...@gaara.hadrons.org>
Control: retitle -1 Have different regexps for system and user account names thanks On Sun, Oct 23, 2016 at 03:52:57PM +0200, Guillem Jover wrote: > I've implemented a new SYS_NAME_REGEX so that at least system names > can accept _-prefixed values. This is the standard used on various > BSDs, it is vendor neutral (not just a Debianism), and it is short > causing way less display problems. I think we should eventually accept this patch and then change the default regexps according to the discussion we had in policy and debian-devel in March 2022. The rest of this message is communication internal to the adduser team and sent to the other participants of this bug as information. Adduser should check system and user account names against different regular expressions. Currently, we just have NAME_REGEX. The system account should be matched against a new expression called SYS_NAME_REGEX, configurable in adduser.conf just as NAME_REGEX. Guillem's patch seems to correctly do that. The command line option --force-badname should switch off both checks. Guillem's patch seems to correctly do that The default for SYS_NAME_REGEX should be [_[:lower:]][-_[:lower:][:digit:]]* Document (README.adduser-for-packages, adduser(8)) that --force-badname is no longer needed for policy compliant system user names. Document SYS_NAME_REGEX in adduser(8), but not in config file. Document (README.adduser-for-packages, adduser(8)) that changing SYS_NAME_REGEX to something more restrictive might make packages break. If you don't feel like doing that documentation, just leave it out and I'll contribute the wording. For a user account, the default should be [[:lower:][:upper:]][-_[:lower:][:upper:][:digit:]]* Document (adduser(8)) that dots are deliberately not allowed and that local administrators are invited to add dots to the regexp and to file bugs against packages that still break while using dot notation in chown. If you don't feel like doing that documentation, just leave it out and I'll contribute the wording. Also document that --force-badname is no longer needed for user names beginning with underscore. Guillem's patch also adds some more functionality to the configuration file parser and the internal format. Please check whether this matches what we intend to do. Greetings Marc
