Christian Perrier [EMAIL PROTECTED] said:
> > [EMAIL PROTECTED] [08:47 AM] [0] ~$ sudo useradd " foo"
> > [EMAIL PROTECTED] [08:47 AM] [0] ~$ sudo userdel " foo"
> > userdel: user foo does not exist
>
> *that* could be considered a bug but another one...Either one in
> useradd because it allows creating users with leading spaces in their
> usernames....or one in userdel for not being able to remove such
> users..:)

This actually is a bigger problem than userdel, I think.
shadow-4.0.3/src/userdel.c says:

    user_name = argv[argc - 1];

    if (!(pwd = getpwnam (user_name))) {
        fprintf (stderr, _("%s: user %s does not exist\n"),
                 Prog, user_name);
        exit (E_NOTFOUND);
    }

So it looks like the problem with spaces is in getpwnam():

    [EMAIL PROTECTED] [03:27 PM] [2] ~$ cat getpwnam.c
    #include <sys/types.h>
    #include <pwd.h>
    #include <stdio.h>

    int main() {
        struct passwd *bar;
        bar = getpwnam(" foo");
        if (bar == NULL) {
            printf("user ' foo' not found\n");
        }
    }
    [EMAIL PROTECTED] [03:27 PM] [2] ~$ gcc getpwnam.c -o getpwnam
    [EMAIL PROTECTED] [03:27 PM] [2] ~$ ./getpwnam
    user ' foo' not found

> Sure, but then what do you expect us to do? If support for usernames
> with spaces is removed, your autocreation script will fail
> anyway. Seems that the only solution for you is avoiding spaces in
> usernames in the Novell server or hack your user creation scripts to
> replace spaces by underscores.

Oh, I'm sorry, I wasn't being very clear. None of our Novell usernames
have any spaces in them. There is a bug in (I believe) libpam-ncp where
when " foo" logs in, it asks Novell for "foo"'s password, and then
creates a user named " foo". I think somewhere in libpam-ncp (or maybe
on the Novell server, I don't know anything about Novell) the spaces are
getting stripped out.

The full problem is this. You probably don't care about all the details,
which is fine, but hopefully explaining it in this detail will help
explain why I think this is a bug and that it is one that should be
fixed.

* You make a typo and log in to the system as " foo". Novell sees the
  user " foo" as "foo" and tells libpam-ncp authentication was
  successful. libpam-ncp creates a user named " foo" with the uid and
  gid of 1005.
* As part of the gnome login process, gnome creates files in /tmp based
  on your username. It asks getpw* what " foo"'s username is and (as
  demonstrated above) getpw* returns "foo". It creates /tmp/orbit-foo/,
  owned by 1005:1005.
* Everything works fine.
* The next day, you do not make a typo and log in as "foo". libpam-ncp
  creates a user named "foo" with the uid and gid of 1006.
* gnome asks getpw* what your username is, and checks to see if
  /tmp/orbit-foo/ exists. It does.
* gnome tries to write files in /tmp/orbit-foo/. It fails because
  1005:1005 owns /tmp/orbit-foo/ and you are 1006:1006.
* gnome doesn't know what to do, so it displays a bunch of cryptic
  errors to the user, and nothing works correctly.

There are probably a lot of solutions to this, like cleaning files out
of /tmp when a user logs out, or fixing gnome to be more robust. But
fundamentally I think spaces in the username are a bad idea, especially
given getpwnam()'s behavior.

--paulv
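
An added example, not part of the original message and not shadow or libpam-ncp code: a small audit for the situation described in the message above, where " foo" (uid 1005) and "foo" (uid 1006) exist as separate accounts. It scans passwd(5)-format text for account names that are equal after whitespace trimming but carry different UIDs; the sample data and the function names are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in passwd(5) format; " foo" and "foo" mirror the thread. */
static const char SAMPLE[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    " foo:x:1005:1005::/home/foo:/bin/bash\n"
    "foo:x:1006:1006::/home/foo:/bin/bash\n"
    "bar:x:1007:1007::/home/bar:/bin/bash\n";

struct entry { char name[64]; long uid; };

/* Store each line's whitespace-trimmed name and its UID; returns entry count. */
static size_t parse_passwd(const char *text, struct entry *out, size_t max) {
    size_t count = 0;
    while (*text && count < max) {
        size_t len = strcspn(text, "\n");
        const char *c1 = memchr(text, ':', len);   /* end of name field */
        const char *c2 = c1 ? memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - text)) : NULL;
        if (c2) {                                  /* skip malformed lines */
            const char *s = text;
            size_t n = (size_t)(c1 - text);
            while (n && isspace((unsigned char)*s)) { s++; n--; }
            while (n && isspace((unsigned char)s[n - 1])) n--;
            if (n >= sizeof out[count].name) n = sizeof out[count].name - 1;
            memcpy(out[count].name, s, n);
            out[count].name[n] = '\0';
            out[count].uid = strtol(c2 + 1, NULL, 10);
            count++;
        }
        text += len + (text[len] == '\n');
    }
    return count;
}

/* Count account pairs whose trimmed names match but whose UIDs differ. */
size_t count_trim_collisions(const char *text) {
    struct entry e[256];
    size_t n = parse_passwd(text, e, 256), hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (e[i].uid != e[j].uid && strcmp(e[i].name, e[j].name) == 0) {
                printf("collision: \"%s\" uid %ld vs uid %ld\n", e[i].name, e[i].uid, e[j].uid);
                hits++;
            }
    return hits;
}
int main(void) { return count_trim_collisions(SAMPLE) ? 1 : 0; }
```

Each reported pair is one login name that maps to two different owners of per-user paths such as /tmp/orbit-foo/.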