Package: adduser
Version: 3.103
Several packages have started creating system users whose names
contain uppercase letters. These names for system users have some
advantages over normal names, particularly:
* It is easy to tell such a system user from a normal user even
if it uses a normal-user-range uid and has a per-user group.
* Mail delivery systems etc. typically won't deliver to such
users (because they lowercase the name before lookup)
* These names do not clash with names created for normal users
because normal user-creation tools refuse to create them.
* Most other tools behave properly with usernames containing
capitals.
Currently packages that create system users with any uppercase letters
in the name need to pass --force-badname to adduser. This is not
ideal; for example, it gives package maintainers the idea that a name
with a capital letter is not significantly better than one containing
punctuation, top-bit-set octets, etc.
I propose that we relax this restriction. The attached patch causes
adduser to allow uppercase letters but only if --system is specified.
(This is achieved by a separate NAME_REGEX_SYSTEM config option.)
FYI, this is being deployed in Ubuntu as adduser 3.103ubuntu1.
Ian.
diff -ru orig/adduser-3.103/AdduserCommon.pm adduser-3.103/AdduserCommon.pm
--- orig/adduser-3.103/AdduserCommon.pm 2007-06-17 10:21:09.000000000 +0100
+++ adduser-3.103/AdduserCommon.pm 2007-07-10 16:11:08.000000000 +0100
@@ -207,6 +207,7 @@
$configref->{"setgid_home"} = "no";
$configref->{"no_del_paths"} = "^/$ ^/lost+found/.* ^/media/.* ^/mnt/.*
^/etc/.* ^/bin/.* ^/boot/.* ^/dev/.* ^/lib/.* ^/proc/.* ^/root/.* ^/sbin/.*
^/tmp/.* ^/sys/.* ^/srv/.* ^/opt/.* ^/initrd/.* ^/usr/.* ^/var/.*";
$configref->{"name_regex"} = "^[a-z][-a-z0-9]*\$";
+ $configref->{"name_regex_system"} = "^[A-Za-z][-A-Za-z0-9]*\$";
$configref->{"exclude_fstypes"} = "(proc|sysfs|usbfs|devpts|tmpfs)";
$configref->{"skel_ignore_regex"} = "dpkg-(old|new|dist)\$";
$configref->{"extra_groups"} = "dialout cdrom floppy audio src video lp
users";
Only in adduser-3.103: AdduserCommon.pm~
diff -ru orig/adduser-3.103/adduser adduser-3.103/adduser
--- orig/adduser-3.103/adduser 2007-02-26 21:34:05.000000000 +0000
+++ adduser-3.103/adduser 2007-07-10 16:12:36.000000000 +0100
@@ -214,7 +214,7 @@
# preseed configuration data and then read the config file
preseed_config([EMAIL PROTECTED],\%config);
-&checkname($new_name) if defined $new_name;
+&checkname($new_name, $found_sys_opt) if defined $new_name;
$SIG{'INT'} = $SIG{'QUIT'} = $SIG{'HUP'} = 'handler';
#####
@@ -843,11 +843,12 @@
# checkname: perform some sanity checks
# parameters:
-# none
+# name: the name to check
+# system: 0 if the user isn't a system user, 1 otherwise
# return values:
# none (exits on error)
sub checkname {
- my ($name) = @_;
+ my ($name, $system) = @_;
if ($name !~ /[EMAIL PROTECTED]/) {
printf STDERR
(gtx("%s: To avoid problems, the username should consist only of
@@ -856,15 +857,17 @@
machine accounts \$ is also supported at the end of the username\n"), $0);
exit 1;
}
- if ($name !~ qr/$config{"name_regex"}/) {
+ if ($system
+ ? $name !~ qr/$config{"name_regex_system"}/
+ : $name !~ qr/$config{"name_regex"}/) {
if ($allow_badname) {
print (gtx("Allowing use of questionable username.\n")) if ($verbose);
}
else {
printf STDERR
(gtx("%s: Please enter a username matching the regular expression configured
-via the NAME_REGEX configuration variable. Use the `--force-badname'
-option to relax this check or reconfigure NAME_REGEX.\n"), $0);
+via the NAME_REGEX[_SYSTEM] configuration variable. Use the `--force-badname'
+option to relax this check or reconfigure NAME_REGEX or
NAME_REGEX_SYSTEM.\n"), $0);
exit 1;
}
}
@@ -1011,7 +1014,7 @@
general options:
--quiet | -q don't give process information to stdout
--force-badname allow usernames which do not match the
- NAME_REGEX configuration variable
+ NAME_REGEX[_SYSTEM] configuration variable
--help | -h usage message
--version | -v version number and copyright
--conf | -c FILE use FILE as configuration file\n\n");
Only in adduser-3.103: adduser~
diff -ru orig/adduser-3.103/debian/changelog adduser-3.103/debian/changelog
--- orig/adduser-3.103/debian/changelog 2007-06-18 23:45:05.000000000 +0100
+++ adduser-3.103/debian/changelog 2007-07-10 16:13:06.000000000 +0100
@@ -1,3 +1,12 @@
+adduser (3.103ubuntu1) gutsy; urgency=low
+
+ [ Ian Jackson ]
+ * Allow uppercase letters in the names of system users.
+ This is done by having a separate NAME_REGEX_SYSTEM configuration
+ setting which applies when --system is specified.
+
+ -- Ian Jackson <[EMAIL PROTECTED]> Tue, 10 Jul 2007 16:12:56 +0100
+
adduser (3.103) unstable; urgency=low
[ Joerg Hoh ]
Only in adduser-3.103/debian: changelog~
diff -ru orig/adduser-3.103/doc/adduser.8 adduser-3.103/doc/adduser.8
--- orig/adduser-3.103/doc/adduser.8 2007-04-06 21:30:31.000000000 +0100
+++ adduser-3.103/doc/adduser.8 2007-07-10 14:57:21.000000000 +0100
@@ -192,7 +192,12 @@
.B \-\-force\-badname
By default, user and group names are checked against the configurable
regular expression
-.B NAME_REGEX
+.B NAME_REGEX
+(or
+.B NAME_REGEX
+if
+.B --system
+is specified)
specified in the configuration file. This option forces
.B adduser
and
Only in adduser-3.103/doc: adduser.8~
diff -ru orig/adduser-3.103/doc/adduser.conf.5 adduser-3.103/doc/adduser.conf.5
--- orig/adduser-3.103/doc/adduser.conf.5 2007-03-05 21:32:28.000000000
+0000
+++ adduser-3.103/doc/adduser.conf.5 2007-07-10 14:57:21.000000000 +0100
@@ -112,6 +112,15 @@
doesn't match this regexp, user creation in adduser is refused unless
--force-badname is set. With --force-badname set, only weak checks are
performed. The default is the most conservative ^[a-z][-a-z0-9]*$.
+When --system is specified, NAME_REGEX_SYSTEM is used instead.
+.TP
+\fBNAME_REGEX_SYSTEM\fB
+Names of system users are checked against this regular expression.
+If --system is supplied and the name
+doesn't match this regexp, user creation in adduser is refused unless
+--force-badname is set. With --force-badname set, only weak checks are
+performed. The default is as for the default NAME_REGEX but also
+allowing uppercase letters.
.TP
\fBSKEL_IGNORE_REGEX\fB
Files in /etc/skel/ are checked against this regex, and not copied to
Only in adduser-3.103/doc: adduser.conf.5~
