tech-userlevel: Re: useradd: spaces and $ in usernames

Subject: Re: useradd: spaces and $ in usernames
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-userlevel
Date: 11/20/2001 11:54:04

On Tue, Nov 20, 2001 at 12:57:13AM +0100, Hubert Feyrer wrote:
> On Fri, 16 Nov 2001, Todd Vierling wrote:
> > : What do you think about a warning if some "unusual" username is requested?
> > : Warning: non-alphanumeric/./_/- usernames may leed to non-obvious problems!
> > 
> > (Fine with me personally, but it still belongs in the manpage
> > regardless....)
> 
> I've changed the format of the warning slightly:
> 
> user: Warning: non-standard login names may lead to non-obvious problems!
> 
> Here's a suggested text for the useradd/mod/del.8 manpages:
> 
>      user    The login name of the user to add. Login names are recommended to
>              contain only alphanumeric characters, ".", "_" and "_". Using
>              other characters is supported by useradd, but may lead to unex-
>              pected behaviour in random applications.
> 
> Improvements?
> 
> Below is the latest patch that I would like to commit. 

I'm still not sure what we'd gain from all this. The ability to
define logins that can be used on other operating systems, sure,
using the names that are used on the foreign OS. Why do they have
to be the same names on NetBSD?

I've worked in a number of places where Unix and other operating
systems not only co-existed, but regular access between them was
used. Why is it only now necessary to change the way that usernames
are arranged?

You also haven't surrounded your changes in #ifdef EXTENSIONS, but
have enabled it by default. This is not correct.

As to the changes themselves - why reinvent wheels? What's wrong
with shquote(3) - you are only passing the commands off to /bin/sh,
so it's surely adequate?

The warning message which is displayed does not convey any sense of
urgency to me:

"Warning: non-standard login names may lead to non-obvious problems!"

And, finally, you've obviously been running your systems with non-standard
usernames for a while now - what were the utilities that can't handle these
usernames, and what else did you find out?

i.e. when you try to login with a username that begins with '-', what
happens? Or a username with a '#' anywhere in it?

Regards,
Alistair