On Mon, 10.07.17 15:58, Lennart Poettering (lenn...@poettering.net) wrote:

> On Mon, 10.07.17 15:16, Jan Synacek (jsyna...@redhat.com) wrote:
>
> > On Mon, Jul 10, 2017 at 12:42 PM, Lennart Poettering
> > <lenn...@poettering.net> wrote:
> > > Now, because this is so weakly defined, we hence do not follow POSIX
> > > rules, but filter out more that might be dangerous. Specifically:
> > >
> > > 1. We do not permit empty usernames
> > > 2. We don't permit the first character to be numeric
> > >    (This also filters out fully numeric user names)
> > > 3. We do not permit dots in usernames, neither at the beginning nor in
> > >    the middle.
> > > 4. We do not permit "-" at the beginning of usernames (something which
> > >    POSIX explicitly suggests, btw)
> > > 5. We require that the user name fits in the utmp user name field, so
> > >    that we can always log properly about it.
> >
> > Is this documented somewhere? If not, it would be great to have it
> > documented. I'm pretty sure that this exact paragraph would be ok.
>
> There's a longer (and not entirely complete) comment about this in the
> sources, but other than that it's not explicitly documented.
>
> If you prep a patch that adds this to the User=/Group= man page, this
> would certainly be welcome. However, it should be reworded, as we
> shouldn't say "We" there, and probably drop explicit references to
> POSIX and utmp there, and instead just dryly state the accepted
> character set + minimum and maximum string lengths.

I have posted a PR documenting this just now:

https://github.com/systemd/systemd/pull/6321

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
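
The five rules quoted in this thread, written as a standalone C check that reports which rule a name fails. This is an added example, not code from the thread or from systemd. The 32-byte field size, the byte reserved for a terminating NUL, the final allow-list of characters, and all names (`check_user_name`, `NAME_FIELD_SIZE`, the verdict enum) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: a 32-byte utmp user name field (glibc's size), with one
 * byte reserved here for a terminating NUL. Not stated in the thread. */
#define NAME_FIELD_SIZE 32

enum name_verdict {
    NAME_OK,
    NAME_EMPTY,         /* rule 1 */
    NAME_LEADING_DIGIT, /* rule 2, also catches fully numeric names */
    NAME_HAS_DOT,       /* rule 3 */
    NAME_LEADING_DASH,  /* rule 4 */
    NAME_TOO_LONG,      /* rule 5 */
    NAME_BAD_CHAR       /* assumed allow-list: A-Z a-z 0-9 _ - */
};

/* Explicit ASCII ranges: isalpha()/isdigit() depend on the locale. */
static bool is_alpha(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static bool is_digit(char c) { return c >= '0' && c <= '9'; }

enum name_verdict check_user_name(const char *u) {
    if (!u || u[0] == '\0')
        return NAME_EMPTY;
    if (is_digit(u[0]))
        return NAME_LEADING_DIGIT;
    if (u[0] == '-')
        return NAME_LEADING_DASH;
    if (strchr(u, '.'))
        return NAME_HAS_DOT;
    if (strlen(u) > NAME_FIELD_SIZE - 1)
        return NAME_TOO_LONG;
    for (const char *p = u; *p; p++)
        if (!is_alpha(*p) && !is_digit(*p) && *p != '_' && *p != '-')
            return NAME_BAD_CHAR;
    return NAME_OK;
}

int main(void) {
    /* Constructed sample names, not taken from the thread. */
    const char *samples[] = { "", "0day", "1000", "john.doe", "-rf", "web_app-1", "root;id" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s -> %d\n", samples[i], check_user_name(samples[i]));
    return 0;
}
```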