Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 2055 - adduser will not allow capital letters
Summary: adduser will not allow capital letters
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
: High trivial (vote)
Assignee: Martin Schlemmer (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-04-24 01:53 UTC by Seemant Kulleen (RETIRED)
Modified: 2003-03-27 01:01 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Seemant Kulleen (RETIRED) gentoo-dev 2002-04-24 01:53:33 UTC
nothing bad, just wondering how to make a user name trinitAX on my gentoo
system, is all.  I get this:

nebuchadnezzar hylafax # adduser -m trinitAX
adduser: invalid user name 'trinitAX'
Comment 1 Martin Schlemmer (RETIRED) gentoo-dev 2002-04-24 18:36:59 UTC
Interesting question .. does it work on other distro, or with the old
shadow stuff .. anyone ?
Comment 2 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-24 19:46:52 UTC
as far as I know, Slackware and RedHat both allow this. Presumably, Mandrake
does as well, but I can not say for certain.  I can, however, be sure of
Slackware...  I will check on Debian and Sorcerer this evening
Comment 3 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-25 12:31:23 UTC
Az, from Slackware:

nebuchadnezzar htdig # chroot /mnt/slack/ /bin/bash
nebuchadnezzar:/# adduser RaCh

Login name for new user []: Rachel

User id for Rachel [ defaults to next available]: 

Initial group for Rachel [users]: 

Additional groups for Rachel (seperated
with commas, no spaces) []: users,wheel

Rachel's home directory [/home/Rachel]: 

Rachel's shell [/bin/bash]: 

Rachel's account expiry date (YYYY-MM-DD) []: 

OK, I'm about to make a new account. Here's what you entered so far:

New login name: Rachel
New UID: [Next available]
Initial group: users
Additional groups: users,wheel
Home directory: /home/Rachel
Shell: /bin/bash
Expiry date: [no expiration]

This is it... if you want to bail out, hit Control-C.  Otherwise, press
ENTER to go ahead and make the account.


Making new account...

Changing the user information for Rachel
Enter the new value, or press return for the default
        Full Name []: 
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 

Changing password for Rachel
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password: 
Bad password: too short.  
Warning: weak password (enter it again to use it anyway).
New password: 
Bad password: too short.  
Warning: weak password (enter it again to use it anyway).
New password: 
Re-enter new password: 
Password changed.
Done...
nebuchadnezzar:/# 
Comment 4 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-25 12:34:03 UTC
From Debian:

nebuchadnezzar htdig # chroot /mnt/deb/ /bin/bash
nebuchadnezzar:/# adduser RaCh
adduser: Please enter a username consisting of a lower case letter
followed by lower case letters and numbers.  Use the `--force-badname'
option to allow underscores, and uppercase.
nebuchadnezzar:/# adduser --force-badname RaCh
Allowing use of questionable username.
Adding user RaCh...
Adding new group RaCh (1004).
Adding new user RaCh (1004) with group RaCh.
Creating home directory /home/RaCh.
Copying files from /etc/skel
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for RaCh
Enter the new value, or press return for the default
        Full Name []: 
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [y/n] y
nebuchadnezzar:/#
Comment 5 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-25 12:34:53 UTC
Sorcerer behaves exactly the way we do.  Debian's comment on --force-badname
makes me wonder though if this is some sort of security risk or something...
Comment 6 Martin Schlemmer (RETIRED) gentoo-dev 2002-04-25 13:31:18 UTC
Hmm, ok, only spanner in the works, is that we dont have a "adduser" script,
but a symlink to useradd.  Is all this also true for useradd ?
Comment 7 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-25 15:36:36 UTC
good point, I will try useradd on slack and deb
Comment 8 Matthew Kennedy (RETIRED) gentoo-dev 2002-04-25 15:41:14 UTC
On redhat 7.2:

  # useradd Bubbles
  # grep Bubbles  /etc/passwd
  Bubbles:x:501:501::/home/Bubbles:/bin/bash

capital's seem okay there.
Comment 9 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-25 15:44:34 UTC
From Debian then:

nebuchadnezzar quirc # chroot /mnt/deb/ /bin/bash
nebuchadnezzar:/# useradd RaCh
useradd: user RaCh exists
nebuchadnezzar:/# deluser RaCh
Removing user RaCh...
done.
nebuchadnezzar:/# useradd RaCh
nebuchadnezzar:/# grep !$ /etc/passwd
grep RaCh /etc/passwd
RaCh:x:1004:100::/home/RaCh:/bin/bash
nebuchadnezzar:/# 
Comment 10 Seemant Kulleen (RETIRED) gentoo-dev 2002-04-25 15:46:03 UTC
And from Slackware:

nebuchadnezzar quirc # chroot /mnt/slack/ /bin/bash
nebuchadnezzar:/# deluser RaCh
bash: deluser: command not found
nebuchadnezzar:/# userdel !$
userdel RaCh
userdel: user RaCh does not exist
nebuchadnezzar:/# useradd RaCh
nebuchadnezzar:/# grep !$ /etc/passwd
grep RaCh /etc/passwd
RaCh:x:1002:100::/home/RaCh:
nebuchadnezzar:/# 
Comment 11 Matthew Walker 2002-05-09 15:45:58 UTC
It is recommended not to have uppercase usernames, because this can mess up a 
lot of email software that expects the names to be all lowercase.
Comment 12 Seemant Kulleen (RETIRED) gentoo-dev 2002-05-30 23:40:00 UTC
Matthew Walker, got an URL for a document on this, perchance?
Comment 13 Seemant Kulleen (RETIRED) gentoo-dev 2002-06-25 05:19:00 UTC
MAtthew Walker? seen my question above?
Comment 14 Matthew Walker 2002-06-25 13:30:24 UTC
Sorry... Wasn't on the CC list. I found somewhere that mentions it. Posting the
link, and the specific clip where it talks about the mailers.

http://www.ocf.berkeley.edu/sysadmin-class/2002-spring/2002-03-12.html

login: login names, aka usernames, are alphanumeric, 8 characters long, and
unique. Windows and some Linux distributions allow for longer login names, and
names which use spaces or other special characters.  To insure portability between
operating systems, it is practical to cater to the lowest common denominator and
limit it to 8 charaters.  They are case sensitive and best kept all lowercase,
especially since sendmail and other mailers expect lowercase logins.
Comment 15 Seemant Kulleen (RETIRED) gentoo-dev 2002-06-26 09:46:40 UTC
hmm, that seems unfounded though.  Rachel tried sendmail-8.12.5 (her username is
Rach) and it accepted it without complaint..
Comment 16 Matthew Walker 2002-06-26 09:49:44 UTC
Well, I just know that's what I read. And it seems like good practice anyway.
But maybe that's just me. Disclaimer: IANALH (I Am Not A Linux Hacker)
Comment 17 Matthew Kennedy (RETIRED) gentoo-dev 2002-06-26 11:22:23 UTC
looking at the source,

src/useradd.c generates the error message from a call to check_user_name() in
libmisc/chkname.c, check_user_name() calls good_name() which looks like this:
static int 

good_name(const char *name) 
        /* 
         * User/group names must match [a-z_][a-z0-9_-]* 
         */ 
        if (!*name || !((*name >= 'a' && *name <= 'z') || *name == '_')) 
                return 0; 
        while (*++name) { 
                if (!((*name >= 'a' && *name <= 'z') || 
                    (*name >= '0' && *name <= '9') || 
                    *name == '_' || *name == '-' || 
                    (*name == '$' && *(name+1) == NULL))) 
                        return 0; 
        } 
        return 1; 
} 

So as you can see, useradd does not allow you to have mixed-case.

I don't know if we want to patch this to allow mixed case or not. What do you
think Az?
Comment 18 Brian Rozmierski 2002-06-26 13:08:38 UTC
Let me interject and pose these (brief) questions and a request:

1. What are we really trying to 'fix'?
2. Is there a reasonable workaround, presuming this is really a 'problem'.
3. Is it also reasonable to ASSuME that adduser is written this way for a reason?
4. And if so, what _may_ break with this change?

If a decision is made to patch adduser, can we please patch in functionality
similiar to Debian's '--force-badname' instead of completely bypassing the check
by default?
Comment 19 Matthew Kennedy (RETIRED) gentoo-dev 2002-06-26 14:58:49 UTC
(thanks to rach for researching this)

* slackware uses an updated shadow and exhibits our useradd's behavior
* redhat (7.2) is using an old shadow which allows mixed case
* debian stable is using an old shadow 

I personally think adjusting shadow to allow mixed case is a bad idea for two
reasons: 1) patching shadow to use mixed case is akin to forking shadow itself
and 2) who knows what other utils (if any) follow the new shadow conventions --
will changing shadow also involve patching any other utils which asume the new
shadow conventions mean we have to patch those too?

I'm gunning for this bug to be resolved as wontfix or invalid.

Comment 20 Martin Schlemmer (RETIRED) gentoo-dev 2002-06-26 16:19:44 UTC
I am pro not changing.  Nothing should break with leaving it as is, except
maybe for leetness *g*

On the other hand, as there are thousands of programs out there, we cannot
say with surety that this change wont break one of them.  In a case like this,
I will rather go with security.
Comment 21 Seemant Kulleen (RETIRED) gentoo-dev 2002-06-26 16:51:03 UTC
Fair enough :)

Thanks gentlemen
Comment 22 teri-aka TrAns13nT 2003-03-27 01:01:19 UTC
bah humbug, I'd like to be able to have mixed case, I always fail to login at least once every boot jsut from force of habit, make some kinda patch and mask it in the mask file and make it ~x86 so it makes it even hard to get installed, leave a nice little disclaimer on the ebuild saying use at your own risk, ymmv, have fun!