For some strange reason I am no longer able to create groupnames or usernames (with useradd and groupadd) that contain a dot.
Uptill now it was possible to create user&groupnames like c.smith but now I get these errors:
[root@server etc]# useradd c.smith useradd: invalid user name 'c.smith'
[root@server1 etc]# groupadd c.smith groupadd: c.smith is a not a valid group name
Anything without a dot works without problems.
The box is a (fully updated) CentOS 3.6 x86_64 box with Dual Opteron cpu.
Thanks for any hints!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, Dec 30, 2005 at 12:48:18PM +0100, Remco Barendse wrote:
For some strange reason I am no longer able to create groupnames or usernames (with useradd and groupadd) that contain a dot.
Uptill now it was possible to create user&groupnames like c.smith but now I get these errors:
[root@server etc]# useradd c.smith useradd: invalid user name 'c.smith'
[root@server1 etc]# groupadd c.smith groupadd: c.smith is a not a valid group name
Anything without a dot works without problems.
The box is a (fully updated) CentOS 3.6 x86_64 box with Dual Opteron cpu.
As far as I know, dots where never supposed to be valid characters for Unix usernames. The historical reasons are many, including the syntax of some commands that take username as a parameter. Several commands will that username.group as a parameter and, as you can see, the dot can get in the way of that.
So, if you ask me, the upstream provider just corrected a long standing compatibility issue.
In any case, if you really want to have usernames with dots on it, you can create them manualy, or create them without the dot, and then change them by editing the apropriate files.
Best Regards,
- -- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
As far as I know, dots where never supposed to be valid characters for Unix usernames. The historical reasons are many, including the syntax of some commands that take username as a parameter. Several commands will that username.group as a parameter and, as you can see, the dot can get in the way of that.
So, if you ask me, the upstream provider just corrected a long standing compatibility issue.
I think it's really a bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159034
but not something the upstream provider cares to fix it seems
In any case, if you really want to have usernames with dots on it, you can create them manualy, or create them without the dot, and then change them by editing the apropriate files.
That's what I did now but I'm not very comfortable in editing /etc/shadow by hand
Thanks for the feedback!
Try this one:
chown -R c.smith.users /home/c.smith
See the problem?
-Ben
On Friday 30 December 2005 03:48, Remco Barendse wrote:
For some strange reason I am no longer able to create groupnames or usernames (with useradd and groupadd) that contain a dot.
Quoting Robin Mordasiewicz robin@bullseye.tv:
On Thu, 5 Jan 2006, Benjamin Smith wrote:
Try this one:
chown -R c.smith.users /home/c.smith
See the problem?
what about chown -R c.smith:users /home/c.smith
The ':' is not really an solution because it doesn't really address the problem. The problem is that the first syntax (using dot) is valid.
Consider you have users "foo" and "foo.bar" and group "bar". What will "chown foo.bar file" do? Change the owner of the file to user foo.bar or change the owner to foo and group to bar? Yes, you can use column instead of dot on command line. However, many scripts still use dot (and there is nothing wrong with it, since using dot to separate username and group is perfectly valid).
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Quoting Aleksandar Milivojevic (alex@milivojevic.org):
Quoting Robin Mordasiewicz robin@bullseye.tv:
On Thu, 5 Jan 2006, Benjamin Smith wrote:
Try this one:
chown -R c.smith.users /home/c.smith
See the problem?
what about chown -R c.smith:users /home/c.smith
The ':' is not really an solution because it doesn't really address the problem. The problem is that the first syntax (using dot) is valid.
Consider you have users "foo" and "foo.bar" and group "bar". What will "chown foo.bar file" do? Change the owner of the file to user foo.bar or change the owner to foo and group to bar? Yes, you can use column instead of dot on command line. However, many scripts still use dot (and there is nothing wrong with it, since using dot to separate username and group is perfectly valid).
To argue that "." is disallowed in usernames because it has special syntactic meaning to "chown" then it may be necessary to explain why "-" is allowed in filenames when it has special syntactic meaning to many commands.
chown(2) doesn't care about dots in usernames and it would be easy enough to code chown(1) to allow a dotted username to be escaped, so it's not really a compelling reason for disallowing them.
However, where dots have not been allowed in usernames historically, it may be inadvisible to start allowing them to avoid breaking any code that implicitly or otherwise assumes that usernames won't contain dots.
James
On Fri, 2006-01-06 at 01:37 +0000, James Fidell wrote:
Quoting Aleksandar Milivojevic (alex@milivojevic.org):
Quoting Robin Mordasiewicz robin@bullseye.tv:
On Thu, 5 Jan 2006, Benjamin Smith wrote:
Try this one:
chown -R c.smith.users /home/c.smith
See the problem?
what about chown -R c.smith:users /home/c.smith
The ':' is not really an solution because it doesn't really address the problem. The problem is that the first syntax (using dot) is valid.
Consider you have users "foo" and "foo.bar" and group "bar". What will "chown foo.bar file" do? Change the owner of the file to user foo.bar or change the owner to foo and group to bar? Yes, you can use column instead of dot on command line. However, many scripts still use dot (and there is nothing wrong with it, since using dot to separate username and group is perfectly valid).
To argue that "." is disallowed in usernames because it has special syntactic meaning to "chown" then it may be necessary to explain why "-" is allowed in filenames when it has special syntactic meaning to many commands.
I disagree ... not that it matters what I think. If chown and chgrp allow dots to seperate user and group, I don't think they should not be allowed in user names (or at least this should be a major factor to consider).
chown(2) doesn't care about dots in usernames and it would be easy enough to code chown(1) to allow a dotted username to be escaped, so it's not really a compelling reason for disallowing them.
However, where dots have not been allowed in usernames historically, it may be inadvisible to start allowing them to avoid breaking any code that implicitly or otherwise assumes that usernames won't contain dots.
BUT, the I think that the real reason that dots should not be allowed in user names is because this doesn't allow dots:
RFC 4282 - The Network Access Identifier
There is no requirement to follow this for usernames; however, I think we should.
On 06/01/06, Johnny Hughes mailing-lists@hughesjr.com wrote:
I disagree ... not that it matters what I think. If chown and chgrp allow dots to seperate user and group, I don't think they should not be allowed in user names (or at least this should be a major factor to consider).
"I don't think they should not be allowed", is that double negative intentional? :)
I think '.' as a separator for chown etc. is a GNU thing. I seem to remember Solaris only accepts ':'.
http://www.cs.biu.ac.il/cgi-bin/man?chown+1
FWIW, using '.' as a separator isn't documented in the GNU chown man page.
Will.
On Fri, 2006-01-06 at 11:09 +0000, Will McDonald wrote:
On 06/01/06, Johnny Hughes mailing-lists@hughesjr.com wrote:
I disagree ... not that it matters what I think. If chown and chgrp allow dots to seperate user and group, I don't think they should not be allowed in user names (or at least this should be a major factor to consider).
"I don't think they should not be allowed", is that double negative intentional? :)
Accident ... I don't think they should be allowed :)
I think '.' as a separator for chown etc. is a GNU thing. I seem to remember Solaris only accepts ':'.
right ... if this was solaris, dots would be ok :)
but ... I still think dots should not be used. I can see the benefit too though.
On 1/5/06, Johnny Hughes mailing-lists@hughesjr.com wrote:
BUT, the I think that the real reason that dots should not be allowed in user names is because this doesn't allow dots:
RFC 4282 - The Network Access Identifier
There is no requirement to follow this for usernames; however, I think we should.
Unless I'm misreading the RFC, it does allow dots in usernames?
nai = username nai =/ "@" realm nai =/ username "@" realm
username = dot-string dot-string = string dot-string =/ dot-string "." string
Josh Kelley
Josh Kelley wrote:
On 1/5/06, Johnny Hughes mailing-lists@hughesjr.com wrote:
BUT, the I think that the real reason that dots should not be allowed in user names is because this doesn't allow dots:
RFC 4282 - The Network Access Identifier
There is no requirement to follow this for usernames; however, I think we should.
Unless I'm misreading the RFC, it does allow dots in usernames?
nai = username nai =/ "@" realm nai =/ username "@" realm
username = dot-string dot-string = string dot-string =/ dot-string "." string
I don't know myself but Fedora Core 4 allows dots in usernames. useradd asdf.adsf under Fedora Core 4 works just fine as well as userdel asdf.asdf . I wonder which direction RHEL will follow in the future since Fedora is usually the test ground for newer stuff in RHEL.
On Fri, 6 Jan 2006, Adam Gibson wrote:
Josh Kelley wrote:
On 1/5/06, Johnny Hughes mailing-lists@hughesjr.com wrote:
BUT, the I think that the real reason that dots should not be allowed in user names is because this doesn't allow dots:
RFC 4282 - The Network Access Identifier
There is no requirement to follow this for usernames; however, I think we should.
Unless I'm misreading the RFC, it does allow dots in usernames?
nai = username nai =/ "@" realm nai =/ username "@" realm
username = dot-string dot-string = string dot-string =/ dot-string "." string
I don't know myself but Fedora Core 4 allows dots in usernames. useradd asdf.adsf under Fedora Core 4 works just fine as well as userdel asdf.asdf . I wonder which direction RHEL will follow in the future since Fedora is usually the test ground for newer stuff in RHEL.
It seems it's really a bug in RHEL 3, RHEL 2.1 allows a dot, so does RHEL 4.x (and IMHO a dot should be allowed, I don't care if a package from the previous millennium doesn't work anymore)
I wonder if I could just install shadow-utils from RHEL4 on my CentOS 3.x boxes (maybe it will work after rebuilding the RPM)
-
Adam Gibson -
Aleksandar Milivojevic -
Benjamin Smith -
James Fidell -
Johnny Hughes -
Josh Kelley -
Remco Barendse -
Robin Mordasiewicz -
Rodrigo Barbosa -
Will McDonald