[Adduser-devel] Bug#432562: --system allow uppercase in usernames without --force-badname
Steve Langasek
steve.langasek at canonical.com
Wed Oct 19 21:49:20 UTC 2011
Package: adduser
Version: 3.113
Followup-For: Bug #432562
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch
Hi folks,
This bug was 'wontfixed' several years ago with the comment to wait for
feedback on how the experiment with upper case names goes in Ubuntu.
We aren't making extensive use of this functionality; but at the same time,
I don't see any indication of bug reports resulting from this change.
Is there further feedback you'd look for here before reconsidering the
patch?
Attached is the current version of the patch against 3.113.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
=== modified file 'AdduserCommon.pm'
--- AdduserCommon.pm 2009-09-20 22:09:53 +0000
+++ AdduserCommon.pm 2011-10-19 06:58:53 +0000
@@ -208,6 +208,7 @@
$configref->{"setgid_home"} = "no";
$configref->{"no_del_paths"} = "^/$ ^/lost+found/.* ^/media/.* ^/mnt/.* ^/etc/.* ^/bin/.* ^/boot/.* ^/dev/.* ^/lib/.* ^/proc/.* ^/root/.* ^/sbin/.* ^/tmp/.* ^/sys/.* ^/srv/.* ^/opt/.* ^/initrd/.* ^/usr/.* ^/var/.*";
$configref->{"name_regex"} = "^[a-z][-a-z0-9_]*\$";
+ $configref->{"name_regex_system"} = "^[A-Za-z][-A-Za-z0-9_]*\$";
$configref->{"exclude_fstypes"} = "(proc|sysfs|usbfs|devpts|tmpfs)";
$configref->{"skel_ignore_regex"} = "dpkg-(old|new|dist)\$";
$configref->{"extra_groups"} = "dialout cdrom floppy audio video plugdev users";
=== modified file 'adduser'
--- adduser 2011-06-13 08:15:58 +0000
+++ adduser 2011-10-19 07:01:07 +0000
@@ -230,7 +230,7 @@
# preseed configuration data and then read the config file
preseed_config(\@defaults,\%config);
-&checkname($new_name) if defined $new_name;
+&checkname($new_name, $found_sys_opt) if defined $new_name;
$SIG{'INT'} = $SIG{'QUIT'} = $SIG{'HUP'} = 'handler';
#####
@@ -858,11 +858,12 @@
# checkname: perform some sanity checks
# parameters:
-# none
+# name: the name to check
+# system: 0 if the user isn't a system user, 1 otherwise
# return values:
# none (exits on error)
sub checkname {
- my ($name) = @_;
+ my ($name, $system) = @_;
if ($name !~ /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/) {
printf STDERR
(gtx("%s: To avoid problems, the username should consist only of
@@ -871,14 +872,16 @@
machine accounts \$ is also supported at the end of the username\n"), $0);
exit RET_INVALID_CHARS_IN_NAME;;
}
- if ($name !~ qr/$config{"name_regex"}/) {
+ if ($system
+ ? $name !~ qr/$config{"name_regex_system"}/
+ : $name !~ qr/$config{"name_regex"}/) {
if ($allow_badname) {
print (gtx("Allowing use of questionable username.\n")) if ($verbose);
}
else {
printf STDERR
(gtx("%s: Please enter a username matching the regular expression configured
-via the NAME_REGEX configuration variable. Use the `--force-badname'
+via the NAME_REGEX[_SYSTEM] configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.\n"), $0);
exit RET_INVALID_CHARS_IN_NAME;
}
@@ -1026,7 +1029,7 @@
general options:
--quiet | -q don't give process information to stdout
--force-badname allow usernames which do not match the
- NAME_REGEX configuration variable
+ NAME_REGEX[_SYSTEM] configuration variable
--help | -h usage message
--version | -v version number and copyright
--conf | -c FILE use FILE as configuration file\n\n");
=== modified file 'doc/adduser.8'
--- doc/adduser.8 2009-09-20 22:09:53 +0000
+++ doc/adduser.8 2011-10-19 06:58:53 +0000
@@ -193,7 +193,12 @@
.B \-\-force\-badname
By default, user and group names are checked against the configurable
regular expression
-.B NAME_REGEX
+.B NAME_REGEX
+(or
+.B NAME_REGEX_SYSTEM
+if
+.B --system
+is specified)
specified in the configuration file. This option forces
.B adduser
and
=== modified file 'doc/adduser.conf.5'
--- doc/adduser.conf.5 2008-08-10 22:31:28 +0000
+++ doc/adduser.conf.5 2011-10-19 06:58:53 +0000
@@ -122,6 +122,15 @@
doesn't match this regexp, user and group creation in adduser is refused unless
--force-badname is set. With --force-badname set, only weak checks are
performed. The default is the most conservative ^[a-z][-a-z0-9]*$.
+When --system is specified, NAME_REGEX_SYSTEM is used instead.
+.TP
+\fBNAME_REGEX_SYSTEM\fB
+Names of system users are checked against this regular expression.
+If --system is supplied and the name
+doesn't match this regexp, user creation in adduser is refused unless
+--force-badname is set. With --force-badname set, only weak checks are
+performed. The default is as for the default NAME_REGEX but also
+allowing uppercase letters.
.TP
\fBSKEL_IGNORE_REGEX\fB
Files in /etc/skel/ are checked against this regex, and not copied to
More information about the Adduser-devel
mailing list