[systemd-devel] Github systemd issue 6237
Lennart Poettering
lennart at poettering.net
Mon Jul 10 13:58:21 UTC 2017
On Mon, 10.07.17 15:16, Jan Synacek (jsynacek at redhat.com) wrote:
> On Mon, Jul 10, 2017 at 12:42 PM, Lennart Poettering
> <lennart at poettering.net> wrote:
> > Now, because this is so weakly defined, we hence do not follow POSIX
> > rules, but filter out more that might be dangerous. Specifically:
> >
> > 1. We do not permit empty usernames
> > 2. We don't permit the first character to be numeric
> > (This also filters out fully numeric user names)
> > 3. We do not permit dots in usernames, neither at the beginning nor in
> > the middle.
> > 4. We do not permit "-" at the beginning of usernames (something which
> > POSIX explicitly suggests, btw)
> > 5. We require that the user name fits in the utmp user name field, so
> > that we can always log properly about it.
>
> Is this documented somewhere? If not, it would be great to have it
> documented. I'm pretty sure that this exact paragraph would be ok.
There's a longer (and not entirely complete) comment about this in the
sources, but other than that it's not explicitly documented.
If you prep a patch that adds this to the User=/Group= man page, this
would certainly be welcome. However, it should be reworded, as we
shouldn't say "We" there, and probably drop explicit references to
POSIX and utmp there, and instead just dryly state the accepted
character set + minimum and maximum string lengths.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list