On Fri, Dec 13, 2024 at 07:00:36PM +0200, Peter Pentchev wrote:
On Fri, Dec 13, 2024 at 10:08:19AM -0500, Michael Stone wrote:
On Fri, Dec 13, 2024 at 12:22:38PM +0100, Marc Haber wrote:
> They are planning to remove the --badname option from useradd, making
> it impossible to even try UTF-8 user names, without patching useradd.
Or edit the passwd file (vipw), or use any non-passwd-file authentication
mechanism, or use a different user management tool, etc.
I think you're overemphasizing the importance of the useradd command
here--it just acts as a convenience and sets some baseline policies;
it's not actually essential for adding a user. If you don't like the policy
that useradd sets...just don't use it.
In the context of the whole thread, are you suggesting that adduser(1)
should be changed to use something other than useradd(8) under the hood?
No, I'm suggesting that rhetoric asserting that any adduser/useradd
policy could constrain people is overblown because users can be added to
the system without using either of those tools. The tools' policies
should reflect what is safest and most sensible for the majority of
users, but if someone wants to do something different there is nothing
stopping them from doing so.
The claim at the top of this subthread is that some useradd change would
prevent people from experimenting with UTF-8 usernames. As an exercise I
just created UTF-8 users and groups entirely without useradd/adduser
(using vipw and vigr):
getent passwd 1144
💩:*:1144:1144::/nowhere:/bin/false
getent group 1144
💩:*:1144:
ls -l /tmp/samplefile
-rw-r--r-- 1 💩 💩 0 Dec 13 22:42 /tmp/samplefile
On an individual basis there aren't so many steps that creating a user
manually is a big deal, or that a script dedicated to creating users
according to the policies of a particular environment would be overly
complicated. For a large organization I question the idea that user
accounts would be managed by adduser/useradd at all.
