Iirc systemd refused usernames starting with a number. There was a huge discussion in the systemd bugtracker but I don't remeber the outcome anymore.
Part of the problem is that commands accept both usernames and userid AS parameters and there just be some clear way to distinguish those two. I suggest checking the systemd bugtracker before starting another discussion here ;-) See here: https://github.com/systemd/systemd/issues/6237 Uli Am 24.10.2017 21:42 schrieb "Norman Gray" <g...@nxg.name>: Greetings. [I'm happy to submit this as a bug at bugs.x2go.org, but < https://wiki.x2go.org/doku.php/wiki:bugs> recommends discussing potential bugs here beforehand] At present, x2goserver sanitises usernames with a regexp in x2goutils.pm and in x2gosqlitewrapper.pl (same in both places). That's: if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\ @]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) { A username of, eg, '1234567x' fails this test. I believe such a username should not fail. * POSIX/Single Unix says of the username simply "To be portable across systems conforming to POSIX.1-2008, the value is composed of characters from the portable filename character set. The <hyphen-minus> character should not be used as the first character of a portable user name." (see < http://pubs.opengroup.org/onlinepubs/9699919799/>, paragraph 3.437) * The Debian useradd(8) page recommends something matching /^[a-z_][a-z0-9_-]*$/, but goes on to say "On Debian, the only constraints are that usernames must neither start with a dash ('-') nor contain a colon (':') or a whitespace (space: ' ', end of line: '\n', tabulation: '\t', etc.). Note that using a slash ('/') may break the default algorithm for the definition of the user's home directory." (see eg < https://www.unix.com/man-page/linux/8/useradd/>) * The corresponding RedHat/CentOS manpage doesn't even include that, and instead says only "Usernames may only be up to 32 characters long." FreeBSD is similarly laid-back about the username. I myself think that a username like '1234567x' is asking for at least a little bit of trouble, but those are the networked usernames I'm having to deal with, so that trouble is not of my asking. Also, I suspect that the trailing character is there precisely in order to avoid this matching /^[0-9]+$/, and thus to be interpretable as a number. This does appear to be the source of my login problems, since if I hack the two files above, to have the regexp start with [a-zA-Z0-9\_], then my users can log in without difficulty. This hacking is obviously not a great solution. This issue was discussed on the user list a little while ago < http://lists.x2go.org/pipermail/x2go-user/2015-April/003161.html> (that's what gave me the aha!). There, Mihai Moldovan said "That's non-standard-compliant and you're basically on your own when doing "funky stuff"." To be clear, I think such usernames are less than ideal, but I don't think they count as funky or non-compliant. ---- As a distinct but related matter, when a failing username is rejected by this test, the session doesn't fail, but simply seems to hang, giving no feedback about the problem, nor, as far as I can see, reporting anything in the logs. Whatever the decision about this report, it would be useful to fail in a more communicative way. I'd be interested in your views. Best wishes, Norman -- Norman Gray : https://nxg.me.uk _______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
_______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev