I looked up the actual requirements for posix username sanitizing, and it's concerns are _filename_ portability, presumably for the /home/$USER directory:
http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_276 (And objecting to - as the first character, presuably so "ls $USER" isn't interpreted as an option. Except you need to be root to create a new user, so I'm a bit confused at concerns over attacking the system from that direction...? This is also why -- was invented, and scripts use "printf" instead of "echo", and so on...) These filename issues aren't actually a concern on Linux, which allows any character except "/" and NUL in filenames. Note that posix above doesn't allow $ as the last character, which the is_valid_username() stuff does, presumably because redhat allows it? Is there more information on the use cases here? A username can't have ":" in it because it's a colon delimited field, and it can't have "/" if it's being used as a filename, but other than that why aren't other characters allowed? Specifically, why can't we have utf8 usernames? Rob _______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
