[systemd-devel] Github systemd issue 6237
Lennart Poettering
lennart at poettering.net
Mon Jul 10 14:41:48 UTC 2017
On Mon, 10.07.17 15:58, Lennart Poettering (lennart at poettering.net) wrote:
> On Mon, 10.07.17 15:16, Jan Synacek (jsynacek at redhat.com) wrote:
>
> > On Mon, Jul 10, 2017 at 12:42 PM, Lennart Poettering
> > <lennart at poettering.net> wrote:
> > > Now, because this is so weakly defined, we hence do not follow POSIX
> > > rules, but filter out more that might be dangerous. Specifically:
> > >
> > > 1. We do not permit empty usernames
> > > 2. We don't permit the first character to be numeric
> > > (This also filters out fully numeric user names)
> > > 3. We do not permit dots in usernames, neither at the beginning nor in
> > > the middle.
> > > 4. We do not permit "-" at the beginning of usernames (something which
> > > POSIX explicitly suggests, btw)
> > > 5. We require that the user name fits in the utmp user name field, so
> > > that we can always log properly about it.
> >
> > Is this documented somewhere? If not, it would be great to have it
> > documented. I'm pretty sure that this exact paragraph would be ok.
>
> There's a longer (and not entirely complete) comment about this in the
> sources, but other than that it's not explicitly documented.
>
> If you prep a patch that adds this to the User=/Group= man page, this
> would certainly be welcome. However, it should be reworded, as we
> shouldn't say "We" there, and probably drop explicit references to
> POSIX and utmp there, and instead just dryly state the accepted
> character set + minimum and maximum string lengths.
I have posted a PR documenting this just now:
https://github.com/systemd/systemd/pull/6321
Lennart
--
Lennart Poettering, Red Hat
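
The five rules listed in the quoted message, written out as a checker. This is an added example, not systemd's code and not part of the original mail. Assumptions: `check_user_name` and the enum names are hypothetical, the field size comes from `UT_NAMESIZE` in `<utmp.h>`, "fits" is read as leaving room for a terminating NUL, and no character-set check beyond the listed rules is applied.

```c
#include <stdio.h>
#include <string.h>
#include <utmp.h>   /* UT_NAMESIZE: size of the utmp user name field */

/* Hypothetical result codes, one per rule in the list above. */
enum name_check {
    NAME_OK = 0,
    NAME_EMPTY,          /* rule 1: empty user name */
    NAME_LEADING_DIGIT,  /* rule 2: first character numeric */
    NAME_HAS_DOT,        /* rule 3: dot anywhere in the name */
    NAME_LEADING_DASH,   /* rule 4: "-" as first character */
    NAME_TOO_LONG        /* rule 5: does not fit the utmp field */
};

/* Returns the first rule the name violates, or NAME_OK. */
enum name_check check_user_name(const char *name) {
    if (name == NULL || name[0] == '\0')
        return NAME_EMPTY;
    if (name[0] >= '0' && name[0] <= '9')
        return NAME_LEADING_DIGIT;   /* also rejects fully numeric names */
    if (strchr(name, '.') != NULL)
        return NAME_HAS_DOT;         /* beginning or middle */
    if (name[0] == '-')
        return NAME_LEADING_DASH;
    /* Assumption: keep one byte free for the terminating NUL. */
    if (strlen(name) > (size_t)(UT_NAMESIZE - 1))
        return NAME_TOO_LONG;
    return NAME_OK;
}

int main(void) {
    /* Constructed sample names, not taken from the thread. */
    const char *samples[] = { "", "9lives", "1234", "foo.bar", ".foo",
                              "-foo", "foo-bar", "_svc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %d\n", samples[i], check_user_name(samples[i]));
    return 0;
}
```
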