[Adduser-devel] Bug#432562: --system allow uppercase in usernames without --force-badname

Steve Langasek steve.langasek at canonical.com
Wed Oct 19 21:49:20 UTC 2011 

Package: adduser
Version: 3.113
Followup-For: Bug #432562
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Hi folks,

This bug was 'wontfixed' several years ago with the comment to wait for
feedback on how the experiment with upper case names goes in Ubuntu.

We aren't making extensive use of this functionality; but at the same time,
I don't see any indication of bug reports resulting from this change.

Is there further feedback you'd look for here before reconsidering the
patch?

Attached is the current version of the patch against 3.113.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
=== modified file 'AdduserCommon.pm'
--- AdduserCommon.pm	2009-09-20 22:09:53 +0000
+++ AdduserCommon.pm	2011-10-19 06:58:53 +0000
@@ -208,6 +208,7 @@
   $configref->{"setgid_home"} = "no";
   $configref->{"no_del_paths"} = "^/$ ^/lost+found/.* ^/media/.* ^/mnt/.* ^/etc/.* ^/bin/.* ^/boot/.* ^/dev/.* ^/lib/.* ^/proc/.* ^/root/.* ^/sbin/.* ^/tmp/.* ^/sys/.* ^/srv/.* ^/opt/.* ^/initrd/.* ^/usr/.* ^/var/.*";
   $configref->{"name_regex"} = "^[a-z][-a-z0-9_]*\$";
+  $configref->{"name_regex_system"} = "^[A-Za-z][-A-Za-z0-9_]*\$";
   $configref->{"exclude_fstypes"} = "(proc|sysfs|usbfs|devpts|tmpfs)";
   $configref->{"skel_ignore_regex"} = "dpkg-(old|new|dist)\$";
   $configref->{"extra_groups"} = "dialout cdrom floppy audio video plugdev users";

=== modified file 'adduser'
--- adduser	2011-06-13 08:15:58 +0000
+++ adduser	2011-10-19 07:01:07 +0000
@@ -230,7 +230,7 @@
 # preseed configuration data and then read the config file
 preseed_config(\@defaults,\%config);
 
-&checkname($new_name) if defined $new_name;
+&checkname($new_name, $found_sys_opt) if defined $new_name;
 $SIG{'INT'} = $SIG{'QUIT'} = $SIG{'HUP'} = 'handler';
 
 #####
@@ -858,11 +858,12 @@
 
 # checkname: perform some sanity checks
 # parameters:
-#   none
+#   name: the name to check
+#   system: 0 if the user isn't a system user, 1 otherwise
 # return values:
 #   none (exits on error)
 sub checkname {
-    my ($name) = @_;
+    my ($name, $system) = @_;
     if ($name !~ /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/) {
 	printf STDERR
 (gtx("%s: To avoid problems, the username should consist only of
@@ -871,14 +872,16 @@
 machine accounts \$ is also supported at the end of the username\n"), $0);
         exit RET_INVALID_CHARS_IN_NAME;;
     }
-    if ($name !~ qr/$config{"name_regex"}/) {
+    if ($system
+        ? $name !~ qr/$config{"name_regex_system"}/
+        : $name !~ qr/$config{"name_regex"}/) {
       if ($allow_badname) {
 	print (gtx("Allowing use of questionable username.\n")) if ($verbose);
       }
       else {
         printf STDERR
 (gtx("%s: Please enter a username matching the regular expression configured
-via the NAME_REGEX configuration variable.  Use the `--force-badname'
+via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname'
 option to relax this check or reconfigure NAME_REGEX.\n"), $0);
         exit RET_INVALID_CHARS_IN_NAME;
       }
@@ -1026,7 +1029,7 @@
 general options:
   --quiet | -q      don't give process information to stdout
   --force-badname   allow usernames which do not match the
-                    NAME_REGEX configuration variable
+                    NAME_REGEX[_SYSTEM] configuration variable
   --help | -h       usage message
   --version | -v    version number and copyright
   --conf | -c FILE  use FILE as configuration file\n\n");

=== modified file 'doc/adduser.8'
--- doc/adduser.8	2009-09-20 22:09:53 +0000
+++ doc/adduser.8	2011-10-19 06:58:53 +0000
@@ -193,7 +193,12 @@
 .B \-\-force\-badname
 By default, user and group names are checked against the configurable
 regular expression 
-.B NAME_REGEX 
+.B NAME_REGEX
+(or
+.B NAME_REGEX_SYSTEM
+if
+.B --system
+is specified)
 specified in the configuration file. This option forces
 .B adduser
 and 

=== modified file 'doc/adduser.conf.5'
--- doc/adduser.conf.5	2008-08-10 22:31:28 +0000
+++ doc/adduser.conf.5	2011-10-19 06:58:53 +0000
@@ -122,6 +122,15 @@
 doesn't match this regexp, user and group creation in adduser is refused unless
 --force-badname is set. With --force-badname set, only weak checks are
 performed. The default is the most conservative ^[a-z][-a-z0-9]*$.
+When --system is specified, NAME_REGEX_SYSTEM is used instead.
+.TP
+\fBNAME_REGEX_SYSTEM\fB
+Names of system users are checked against this regular expression.
+If --system is supplied and the name
+doesn't match this regexp, user creation in adduser is refused unless
+--force-badname is set. With --force-badname set, only weak checks are
+performed. The default is as for the default NAME_REGEX but also
+allowing uppercase letters.
 .TP
 \fBSKEL_IGNORE_REGEX\fB
 Files in /etc/skel/ are checked against this regex, and not copied to

More information about the Adduser-devel mailing list