The Ubuntu Security team is +1 on disallowing purely numeric usernames,
as they are too easily confused with UIDs.

I think our preference would be to disallow leading numeric digits
entirely so that, for example, 0x0 and 0o0 would be blocked as well, to
try to prevent both user and programmatic confusion.

Probably adduser should also be made consistent with whatever change is
made to useradd. The package-provided adduser.conf files do have a
NAME_REGEX option (in addition to the --force-badname option), but AFAICT
it is commented out by default (the commented-out regex is
"^[a-z][-a-z0-9_]*\$", but I'm not sure that's appropriate in a UTF-8
world).

It would be good to have a test case and documentation for this captured
somewhere.

-- 
https://bugs.launchpad.net/bugs/1927078

Title:
  Don't allow useradd to use fully numeric names
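
A sketch of the kind of test case the comment asks for, as an added example that is not part of the original message or of the shadow or adduser packages. It compares a purely-numeric check, a leading-digit check, and the quoted NAME_REGEX over constructed sample names; Python's int() stands in for "programmatic" number parsing, which is an assumption.

```python
import re

# Regex quoted in the comment (commented out in adduser.conf). The conf-file
# "\$" is expressed here by using fullmatch() instead of an explicit anchor.
NAME_REGEX = re.compile(r"[a-z][-a-z0-9_]*")


def parses_as_number(name):
    """True if integer parsing (base-prefixed or plain decimal) accepts name.

    Assumption: int() models the tools that may take a name where a UID is
    expected; real tools (strtol, id, chown) each have their own rules.
    """
    for base in (0, 10):          # base 0 accepts 0x.., 0o.., 0b.. prefixes
        try:
            int(name, base)
            return True
        except ValueError:
            pass
    return False


def classify(name):
    """Evaluate one candidate username against each policy under discussion."""
    return {
        "numeric_like": parses_as_number(name),        # the confusion risk
        "purely_numeric": name.isdecimal(),            # "no fully numeric names"
        "leading_digit": name[:1].isdecimal(),         # "no leading digits"
        "name_regex_ok": NAME_REGEX.fullmatch(name) is not None,
    }


# Constructed sample names, not taken from the bug report (0x0 and 0o0 are
# the two examples the comment itself gives).
SAMPLES = ["1000", "0x0", "0o0", "4ever", "alice", "jürgen", "١٢٣"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:10} {classify(sample)}")
```

The purely-numeric rule lets 0x0 and 0o0 through even though they parse as numbers, the leading-digit rule rejects them, and the ASCII-only NAME_REGEX also rejects a non-ASCII name such as jürgen.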
