Thanos Tsouanas wrote:
I just found out that chsh complains if a username has a '.' in it:

% sudo chsh foo.bar
[ ... ]
chsh: '.' is dangerous in a login name

I'm sure there's a reason (why? regexps involved?) but I think that
since chsh complains, adduser should complain too.  No?

The reason usernames with periods in them are dangerous is related to chown(8) (and maybe other things):

# mkdir test
# cd test
# useradd foo.bar
useradd: Warning: home directory `/home/foo.bar' doesn't exist, and -m was not specified
# useradd foo
useradd: Warning: home directory `/home/foo' doesn't exist, and -m was not specified
# groupadd bar
# touch a
# touch b
# ls -l
total 0
-rw-r--r--  1 root  wheel  0 Jul 20 13:32 a
-rw-r--r--  1 root  wheel  0 Jul 20 13:32 b
# chown foo.bar a
# ls -l a
-rw-r--r--  1 foo.bar  wheel  0 Jul 20 13:32 a
# userdel foo.bar
# chown foo.bar b
# ls -l b
-rw-r--r--  1 foo  bar  0 Jul 20 13:32 b
#

Even though the chown(8) man page states that the colon needs to be the separator between user and group, the period (still(?), maybe for historical/POSIXish reasons?) can function as the separator as well. This means that under certain (pretty rare) conditions, e.g. if the administrator forgot that foo.bar has been removed earlier (wrt the example above), chown does something that wasn't intended instead of printing the error that user "foo.bar" does not exist.

Assuming that this is the only place where '.' is dangerous in usernames, the proper solution would probably be to compile chown in /usr/src/bin/chmod with SUPPORT_DOT as undefined and to remove the is-dangerous warning from all other places, like chsh ... and be prepared to redirect lots of confused users to the manpage.

Alternatively, you could make it a policy to not use periods in usernames on your system(s) or live with the effect that they can have and simply be aware of them.

Whether making useradd and adduser complain is a good idea or not, I do not know. Maybe it's even okay to just remove the warning from chsh in any case, since it doesn't appear to be the appropriate tool to issue such a warning.


Moritz
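
The ambiguity described in the reply above, as an added example that is not part of the original post or of any system's chown source: a small audit that lists login names which also parse as an existing user.group pair, plus a simplified model of how a dot-accepting chown would read an operand. The function names, the split at the first '.', and the sample passwd/group contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Simplified model of a chown
# built with SUPPORT_DOT: try the operand as a login name first, and only
# if that fails split it at the first '.' (assumption) into user and group.

# has_name NAME FILE: true if NAME is the first colon-separated field of a line.
has_name() {
    awk -F: -v n="$1" '($1 "") == (n "") { found = 1 } END { exit !found }' "$2"
}

# resolve_owner OPERAND [PASSWD] [GROUP]: print how the operand would be read.
resolve_owner() {
    passwd=${2:-/etc/passwd}; group=${3:-/etc/group}
    if has_name "$1" "$passwd"; then echo "user=$1"; return 0; fi
    case $1 in *.*)
        u=${1%%.*}; g=${1#*.}
        if has_name "$u" "$passwd" && has_name "$g" "$group"; then
            echo "user=$u group=$g"; return 0
        fi ;;
    esac
    echo "unknown"; return 1
}

# ambiguous_logins [PASSWD] [GROUP]: list logins whose name also parses as
# an existing user.group pair, i.e. accounts whose removal changes what
# "chown NAME file" does instead of making it fail.
ambiguous_logins() {
    awk -F: '
        FILENAME == ARGV[1] { group[$1] = 1; next }
        { user[$1] = 1 }
        END {
            for (u in user) {
                i = index(u, ".")
                if (i && (substr(u, 1, i - 1) in user) && (substr(u, i + 1) in group))
                    print u
            }
        }' "${2:-/etc/group}" "${1:-/etc/passwd}" | sort
}

# Constructed sample files mirroring the session above.
make_sample() {
    printf '%s\n' 'root:*:0:0::/root:/bin/sh' 'foo:*:1001:1001::/home/foo:/bin/sh' \
        'foo.bar:*:1000:1000::/home/foo.bar:/bin/sh' > "$1/passwd"
    printf '%s\n' 'wheel:*:0:root' 'bar:*:1002:' > "$1/group"
}

d=$(mktemp -d) && make_sample "$d"
ambiguous_logins "$d/passwd" "$d/group"               # foo.bar
resolve_owner foo.bar "$d/passwd" "$d/group"          # user=foo.bar
grep -v '^foo\.bar:' "$d/passwd" > "$d/passwd.after"  # simulate userdel foo.bar
resolve_owner foo.bar "$d/passwd.after" "$d/group"    # user=foo group=bar
rm -r "$d"
```

Called without file arguments, ambiguous_logins reads /etc/passwd and /etc/group; any name it prints is an account to review before removal.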
