On Thu, 6 Jul 2017, Zbigniew Jędrzejewski-Szmek wrote:
On Thu, Jul 06, 2017 at 01:43:32AM +0200, Reindl Harald wrote:
well, it even don't look but pretend it can't while it does which is
the worst type of operations possible - as long as "adduser" of the
underlying OS accepts and create "0pointer" systemd has *no business
at all* to pretend it can't
Then it's good the that it doesn't ;)
# adduser 0pointer
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.
I know you really only brought this up to counter Reindl's comment, but I
think it's important to point out that adduser's behaviour here is due to
its default configuration -- not due to any fundamental "problems" with
particular usernames. It's not clear why adduser's developers thought it
was a good default.
I guess what I'm saying is that saying "systemd should not support
usernames that start with a digit, since adduser doesn't" is problematic
for at least two reasons. First, adduser can be reconfigured by the
sysadmin to allow such usernames; and second, systemd places *fewer*
restrictions on usernames than adduser's default configuration. systemd
allows usernames containing uppercase letters and underscores, for
instance.
To summarize my thoughts on this matter, I think it's fine to restrict
usernames, but only for _very_ good reason. Specifically, we should not
justify such restrictions simply because they exist in one form or another
in other utilities. valid_user_group_name() currently disallows dots, for
instance, and while I recognize that using dots in a username can
sometimes be problematic, it is not in and of itself invalid. If other
software can't handle dots in usernames, that's their problem. libc can,
and that's all that's required to support it in order to use it in User=
on most systems.
But whether or not usernames are restricted, it's very important to alert
the sysadmin to the fact their unit file isn't being interpreted the way
they wrote it._______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
