[systemd-devel] Github systemd issue 6237

Lennart Poettering lennart at poettering.net
Mon Jul 10 14:41:48 UTC 2017


On Mon, 10.07.17 15:58, Lennart Poettering (lennart at poettering.net) wrote:

> On Mon, 10.07.17 15:16, Jan Synacek (jsynacek at redhat.com) wrote:
> 
> > On Mon, Jul 10, 2017 at 12:42 PM, Lennart Poettering
> > <lennart at poettering.net> wrote:
> > > Now, because this is so weakly defined, we hence do not follow POSIX
> > > rules, but filter out more that might be dangerous. Specifically:
> > >
> > > 1. We do not permit empty usernames
> > > 2. We don't permit the first character to be numeric
> > >    (This also filters out fully numeric user names)
> > > 3. We do not permit dots in usernames, neither at the beginning nor in
> > >    the middle.
> > > 4. We do not permit "-" at the beginning of usernames (something which
> > >    POSIX explicitly suggests, btw)
> > > 5. We require that the user name fits in the utmp user name field, so
> > >    that we can always log properly about it.
> > 
> > Is this documented somewhere? If not, it would be great to have it
> > documented. I'm pretty sure that this exact paragraph would be ok.
> 
> There's a longer (and not entirely complete) comment about this in the
> sources, but other than that it's not explicitly documented.
> 
> If you prep a patch that adds this to the User=/Group= man page, this
> would certainly be welcome. However, it should be reworded, as we
> shouldn't say "We" there, and probably drop explicit references to
> POSIX and utmp there, and instead just dryly state the accepted
> character set + minimum and maximum string lengths.

I have posted a PR documenting this just now:

https://github.com/systemd/systemd/pull/6321

Lennart

-- 
Lennart Poettering, Red Hat
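
The five rules listed in the quoted message, as an added example that is not part of the original thread and is not systemd's own code. The function and enum names are hypothetical, the 32-byte utmp field size with one byte reserved for the NUL terminator is an assumption (UT_NAMESIZE on Linux/glibc), and only the rules named in the thread are checked, since the full accepted character set is not given here.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the utmp user name field is 32 bytes (UT_NAMESIZE on
 * Linux/glibc) and one byte is kept for the terminating NUL. */
#define UTMP_NAME_FIELD 32

enum name_verdict {
    NAME_OK = 0,
    NAME_EMPTY,         /* rule 1: empty user name */
    NAME_LEADING_DIGIT, /* rule 2: first character numeric */
    NAME_HAS_DOT,       /* rule 3: dot anywhere in the name */
    NAME_LEADING_DASH,  /* rule 4: "-" as first character */
    NAME_TOO_LONG       /* rule 5: does not fit the utmp field */
};

/* Hypothetical helper: reports the first listed rule that the name breaks. */
enum name_verdict check_user_name(const char *name) {
    if (name == NULL || name[0] == '\0')
        return NAME_EMPTY;
    /* Rejecting a leading digit also rejects fully numeric names. */
    if (name[0] >= '0' && name[0] <= '9')
        return NAME_LEADING_DIGIT;
    if (strchr(name, '.') != NULL)
        return NAME_HAS_DOT;
    if (name[0] == '-')
        return NAME_LEADING_DASH;
    if (strlen(name) > UTMP_NAME_FIELD - 1)
        return NAME_TOO_LONG;
    return NAME_OK;
}

int main(void) {
    /* Constructed sample inputs, one per rule plus one accepted name. */
    static const char *const samples[] = {
        "", "0day", "1000", "john.doe", ".hidden", "-rf", "www-data",
        "a_name_longer_than_thirty_one_bytes_x"
    };
    static const char *const text[] = {
        "ok", "empty", "leading digit", "contains dot",
        "leading dash", "too long for utmp"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s %s\n", samples[i], text[check_user_name(samples[i])]);
    return 0;
}
```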

