[CentOS] Why are dots in username & groupname no longer allowed?

Fri Jan 6 01:58:39 UTC 2006
Johnny Hughes <mailing-lists at hughesjr.com>

On Fri, 2006-01-06 at 01:37 +0000, James Fidell wrote:
> Quoting Aleksandar Milivojevic (alex at milivojevic.org):
> > Quoting Robin Mordasiewicz <robin at bullseye.tv>:
> > 
> > > On Thu, 5 Jan 2006, Benjamin Smith wrote:
> > >
> > >> Try this one:
> > >>
> > >> chown -R c.smith.users /home/c.smith
> > >>
> > >> See the problem?
> > >>
> > > what about
> > > chown -R c.smith:users /home/c.smith
> > 
> > The ':' is not really an solution because it doesn't really address the 
> > problem.
> > The problem is that the first syntax (using dot) is valid.
> > 
> > Consider you have users "foo" and "foo.bar" and group "bar". What
> > will "chown foo.bar file" do? Change the owner of the file to user
> > foo.bar or change the owner to foo and group to bar? Yes, you can use
> > column instead of dot on command line. However, many scripts still use
> > dot (and there is nothing wrong with it, since using dot to separate
> > username and group is perfectly valid).
> To argue that "." is disallowed in usernames because it has special
> syntactic meaning to "chown" then it may be necessary to explain why "-"
> is allowed in filenames when it has special syntactic meaning to many
> commands.

I disagree ... not that it matters what I think.  If chown and chgrp
allow dots to seperate user and group, I don't think they should not be
allowed in user names (or at least this should be a major factor to

> chown(2) doesn't care about dots in usernames and it would be easy enough
> to code chown(1) to allow a dotted username to be escaped, so it's not
> really a compelling reason for disallowing them.
> However, where dots have not been allowed in usernames historically, it
> may be inadvisible to start allowing them to avoid breaking any code that
> implicitly or otherwise assumes that usernames won't contain dots.

BUT, the I think that the real reason that dots should not be allowed in
user names is because this doesn't allow dots:

RFC 4282 - The Network Access Identifier

There is no requirement to follow this for usernames; however, I think
we should.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060105/e7ab4289/attachment-0005.sig>