On Mon, 10.07.17 15:29, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> > On current Fedora, the current regex useradd enforces appears to be > > this: > > > > [a-zA-Z0-9._][a-zA-Z0-9._-]{0,30}[a-zA-Z0-9._-$]? > > > > If I read things correctly at least... (the trailing $ appears to be a > > special exception they added to be nice to Windows, dunno). And this > > regex appears not to be configurable. > > Maybe the logic should be reversed: instead of trying to *enforce* > the most-strict name that works everywhere, just check that the name > is between 1 and 31 characters is length and not numeric, and relax > the restrictions on the exact characters in the user name, and *warn* > if the user name has "strange" characters: > Warning: user name "foo.bar" contains a dot which conflicts with chown > user.group syntax > Warning: user name "0day" is not portable > Warning: user name "-user" looks like an option ;) > etc. > > After all (as other people said) systemd has no such requirements > itself. It is true that such user names are confusing and > non-portable, but if the local admin has or wants to have such an > account for whatever reason, we don't really care. I don't think things are that simple. We do our user name validation in two places: for User=/Group= and for sysusers.d drop-ins. In both cases the setting may have the effect of registering users in the system user database (in the first case if DynamicUser= is used, in the latter case if the user doesn't exist yet), and I am pretty sure we shouldn't register users in the system user databases that aren't portable. I mean, again, systemd is the one defining both interfaces: User=/Group= as well as sysusers.d, and I am pretty sure we should make sure when they are used they are used in a reasonably safe and sound and portable way. We want that people can write unit files and run them everywhere and they work reasonably well. I think it's not too much to ask from people to follow some simple basic rules when making use of User=/Group=. We aren't really taking away anything there, we aren#t really strict on something that was previously less strict, simply because User=/Group= isn't a sysvinit concept, it's genuinely a systemd concept. Hence, it's not really a matter of consuming weird stuff local admins created. It's a lot more than that: we *create* that stuff, possibly leaving it around for good, and unit files are supposed to be portable between systems. Compare this with logind: we do not validate the user name passed to us from PAM for new login sessions the same way as we do for User=/Group=/sysusers.d. In the logind/PAM case the interface isn't designed by us, PAM doesn't validate its input particularly carefully, and we should probably just accept what PAM accepts as we don't create anything here: we just consume what's listed in the user database. Logging more verbosely about this is good, and maybe making this fatal instead of just a warning might be good too, but just permitting it sounds wrong to me. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel