On Mon, 10.07.17 17:45, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> On Mon, Jul 10, 2017 at 06:40:00PM +0200, Lennart Poettering wrote:
> > On Mon, 10.07.17 18:36, Lennart Poettering (lenn...@poettering.net) wrote:
> >
> > > > After all (as other people said) systemd has no such requirements
> > > > itself. It is true that such user names are confusing and
> > > > non-portable, but if the local admin has or wants to have such an
> > > > account for whatever reason, we don't really care.
> > >
> > > I don't think things are that simple. We do our user name validation
> > > in two places: for User=/Group= and for sysusers.d drop-ins. In both
> > > cases the setting may have the effect of registering users in the
> > > system user database (in the first case if DynamicUser= is used, in
> > > the latter case if the user doesn't exist yet), and I am pretty sure
> > > we shouldn't register users in the system user databases that aren't
> > > portable.
> >
> > Or to say this differently: User=/Group=/sysusers.d shouldn't be
> > something you can create users with that for example ArchLinux'
> > useradd command wouldn't allow you to create.
>
> I can see it both ways, but yeah, it never came up before and
> personally I never had the need (or even whim) to create a user that
> systemd would reject. So I'd like #6300 to go in, and apart
> from that I'm happy with the status quo, and I merged #6321 now.

BTW, one more reference point to the discussion: shadow-utils upstream
enforces this regex apparently:

[a-z_][a-z0-9_-]*$?

The trailing $ thing appears to be a more recent addition, some
Windows thing. A minimum length of 1 is enforced, but apparently no
max length limit (neither _SC_LOGIN_NAME_MAX nor UT_NAMESIZE-1).

Fedora/RH deviate from that though and explicitly patch this out,
replacing this with the more relaxed regex mentioned earlier:

https://src.fedoraproject.org/cgit/rpms/shadow-utils.git/tree/shadow-4.1.5.1-goodname.patch

It appears our rules are hence pretty close to shadow-utils' original
ones with the exception of the max size limit and the Windows $ thing,
which really shouldn't apply to our system service users I figure.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
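
The upstream shadow-utils rule quoted in the message, set beside a stricter variant without the trailing `$` and with a length cap, as an added example that is not code from shadow-utils or systemd. The function names, the `max_len` parameter, the fallback of 32 and the sample names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* [a-z_][a-z0-9_-]* over the first n bytes; n == 0 is rejected (minimum length 1).
 * Explicit ASCII ranges are used so the result does not depend on the locale. */
static bool body_ok(const char *s, size_t n) {
    if (n == 0 || !((s[0] >= 'a' && s[0] <= 'z') || s[0] == '_'))
        return false;
    for (size_t i = 1; i < n; i++) {
        char c = s[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' || c == '-'))
            return false;
    }
    return true;
}

/* Upstream shadow-utils rule as quoted above: one optional trailing '$', no length cap. */
bool shadow_upstream_ok(const char *s) {
    size_t n = strlen(s);
    if (n > 1 && s[n - 1] == '$')
        n--;
    return body_ok(s, n);
}

/* Hypothetical stricter variant: no trailing '$', and at most max_len bytes. */
bool strict_ok(const char *s, size_t max_len) {
    size_t n = strlen(s);
    return n <= max_len && body_ok(s, n);
}

int main(void) {
    /* Constructed sample names. */
    const char *names[] = { "httpd", "_apt", "host$", "0day", "Admin", "a.b", "" };
    long lim = sysconf(_SC_LOGIN_NAME_MAX);
    size_t max_len = lim > 0 ? (size_t)lim : 32; /* 32 is a fallback chosen for this example */
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-8s upstream=%d strict=%d\n", names[i],
               shadow_upstream_ok(names[i]), strict_ok(names[i], max_len));
    return 0;
}
```

Names such as `host$`, and names longer than the cap, are where the two checks disagree.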