morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 00:47:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

docs/USER_NAMES: format text

Browse Source
This commit is contained in:
hulkoba
2024-02-26 14:36:46 +01:00
parent 56a0f583f7
commit 07cf50ec02
1 changed files with 42 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
docs/USER_NAMES.md
View File

@@ -7,49 +7,45 @@ SPDX-License-Identifier: LGPL-2.1-or-later
# User/Group Name Syntax # User/Group Name Syntax
The precise set of allowed user and group names on Linux systems is weakly The precise set of allowed user and group names on Linux systems is weakly defined.
defined. Depending on the distribution a different set of requirements and Depending on the distribution a different set of requirements and
restrictions on the syntax of user/group names are enforced — on some restrictions on the syntax of user/group names are enforced — on some
distributions the accepted syntax is even configurable by the administrator. In distributions the accepted syntax is even configurable by the administrator.
the interest of interoperability systemd enforces different rules when In the interest of interoperability systemd enforces different rules when
processing users/group defined by other subsystems and when defining users/groups processing users/group defined by other subsystems and when defining users/groups
itself, following the principle of "Be conservative in what you send, be itself, following the principle of "Be conservative in what you send, be liberal in what you accept".
liberal in what you accept". Also in the interest of interoperability systemd Also in the interest of interoperability systemd will enforce the same rules everywhere and not make them configurable or distribution dependent.
will enforce the same rules everywhere and not make them configurable or The precise rules are described below.
distribution dependent. The precise rules are described below.
Generally, the same rules apply for user as for group names. Generally, the same rules apply for user as for group names.
## Other Systems ## Other Systems
* On POSIX the set of [valid user * On POSIX the set of
names](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437) [valid user names](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437)
is defined as [lower and upper case ASCII letters, digits, period, is defined as
underscore, and [lower and upper case ASCII letters, digits, period, underscore, and hyphen](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282),
hyphen](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282), with the restriction that hyphen is not allowed as first character of the user name.
with the restriction that hyphen is not allowed as first character of the Interestingly no size limit is declared, i.e. in neither
user name. Interestingly no size limit is declared, i.e. in neither
direction, meaning that strictly speaking, according to POSIX, both the empty direction, meaning that strictly speaking, according to POSIX, both the empty
string is a valid user name as well as a string of gigabytes in length. string is a valid user name as well as a string of gigabytes in length.
* Debian/Ubuntu based systems enforce the regular expression * Debian/Ubuntu based systems enforce the regular expression `^[a-z][-a-z0-9]*$`, i.e.
`^[a-z][-a-z0-9]*$`, i.e. only lower case ASCII letters, digits and only lower case ASCII letters, digits and hyphens.
hyphens. As first character only lowercase ASCII letters are allowed. This As first character only lowercase ASCII letters are allowed.
regular expression is configurable by the administrator at runtime This regular expression is configurable by the administrator at runtime though.
though. This rule enforces a minimum length of one character but no maximum This rule enforces a minimum length of one character but no maximum length.
length.
* Upstream shadow-utils enforces the regular expression * Upstream shadow-utils enforces the regular expression
`^[a-z_][a-z0-9_-]*[$]$`, i.e. is similar to the Debian/Ubuntu rule, but `^[a-z_][a-z0-9_-]*[$]$`, i.e.is similar to the Debian/Ubuntu rule,
allows underscores and hyphens, but the latter not as first character. Also, but allows underscores and hyphens, but the latter not as first character.
an optional trailing dollar character is permitted. Also, an optional trailing dollar character is permitted.
* Fedora/Red Hat based systems enforce the regular expression of * Fedora/Red Hat based systems enforce the regular expression of
`^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?$`, i.e. a size limit of `^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?$`, i.e. a size limit of
32 characters, with upper and lower case letters, digits, underscores, 32 characters, with upper and lower case letters, digits, underscores, hyphens and periods.
hyphens and periods. No hyphen as first character though, and the last No hyphen as first character though, and the last character may be a dollar character.
character may be a dollar character. On top of that, `.` and `..` are not On top of that, `.` and `..` are not allowed as user/group names.
allowed as user/group names.
* sssd is known to generate user names with embedded `@` and white-space * sssd is known to generate user names with embedded `@` and white-space
characters, as well as non-ASCII (i.e. UTF-8) user/group names. characters, as well as non-ASCII (i.e. UTF-8) user/group names.
@@ -58,16 +54,15 @@ Generally, the same rules apply for user as for group names.
white-space characters, as well as non-ASCII (i.e. UTF-8) user/group names. white-space characters, as well as non-ASCII (i.e. UTF-8) user/group names.
Other operating systems enforce different rules; in this documentation we'll Other operating systems enforce different rules; in this documentation we'll
focus on Linux systems only however, hence those are out of scope. That said, focus on Linux systems only however, hence those are out of scope.
software like Samba is frequently deployed on Linux for providing compatibility That said, software like Samba is frequently deployed on Linux for providing compatibility
with Windows systems; on such systems it might be wise to stick to user/group with Windows systems; on such systems it might be wise to stick to user/group
names also valid according to Windows rules. names also valid according to Windows rules.
## Rules systemd enforces ## Rules systemd enforces
Distilled from the above, below are the rules systemd enforces on user/group Distilled from the above, below are the rules systemd enforces on user/group names.
names. An additional, common rule between both modes listed below is that empty An additional, common rule between both modes listed below is that empty strings are not valid user/group names.
strings are not valid user/group names.
Philosophically, the strict mode described below enforces an allow list of Philosophically, the strict mode described below enforces an allow list of
what's allowed and prohibits everything else, while the relaxed mode described what's allowed and prohibits everything else, while the relaxed mode described
@@ -83,18 +78,17 @@ or a regular user with
[`systemd-homed.service`](https://www.freedesktop.org/software/systemd/man/systemd-homed.html). [`systemd-homed.service`](https://www.freedesktop.org/software/systemd/man/systemd-homed.html).
In strict mode, only uppercase and lowercase characters are allowed, as well as In strict mode, only uppercase and lowercase characters are allowed, as well as
digits, underscores and hyphens. The first character may not be a digit or digits, underscores and hyphens.
hyphen. A size limit is enforced: the minimum of `sysconf(_SC_LOGIN_NAME_MAX)` The first character may not be a digit or hyphen. A size limit is enforced: the minimum of `sysconf(_SC_LOGIN_NAME_MAX)`
(typically 256 on Linux; rationale: this is how POSIX suggests to detect the (typically 256 on Linux; rationale: this is how POSIX suggests to detect the
limit), `UT_NAMESIZE-1` (typically 31 on Linux; rationale: names longer than limit), `UT_NAMESIZE-1` (typically 31 on Linux; rationale: names longer than
this cannot correctly appear in `utmp`/`wtmp` and create ambiguity with login this cannot correctly appear in `utmp`/`wtmp` and create ambiguity with login
accounting) and `NAME_MAX` (255 on Linux; rationale: user names typically accounting) and `NAME_MAX` (255 on Linux; rationale: user names typically
appear in directory names, i.e. the home directory), thus MIN(256, 31, 255) = appear in directory names, i.e. the home directory), thus MIN(256, 31, 255) = 31.
31.
Note that these rules are both more strict and more relaxed than all of the Note that these rules are both more strict and more relaxed than all of the
rules enforced by other systems listed above. A user/group name conforming to rules enforced by other systems listed above.
systemd's strict rules will not necessarily pass a test by the rules enforced A user/group name conforming to systemd's strict rules will not necessarily pass a test by the rules enforced
by these other subsystems. by these other subsystems.
Written as regular expression the above is: `^[a-zA-Z_][a-zA-Z0-9_-]{0,30}$` Written as regular expression the above is: `^[a-zA-Z_][a-zA-Z0-9_-]{0,30}$`
@@ -107,8 +101,8 @@ components of the system, for example in
[`systemd-logind.service`](https://www.freedesktop.org/software/systemd/man/systemd-logind.html). [`systemd-logind.service`](https://www.freedesktop.org/software/systemd/man/systemd-logind.html).
Relaxed syntax is also enforced by the `User=` setting in service unit files, Relaxed syntax is also enforced by the `User=` setting in service unit files,
i.e. for system services used for running services. Since these users may be i.e. for system services used for running services.
registered by a variety of tools relaxed mode is used, but since the primary Since these users may be registered by a variety of tools relaxed mode is used, but since the primary
purpose of these users is to run a system service and thus a job for systemd a purpose of these users is to run a system service and thus a job for systemd a
warning is shown if the specified user name does not qualify by the strict warning is shown if the specified user name does not qualify by the strict
rules above. rules above.
@@ -150,16 +144,15 @@ Note that these relaxed rules are implied by the strict rules above, i.e. all
user/group names accepted by the strict rules are also accepted by the relaxed user/group names accepted by the strict rules are also accepted by the relaxed
rules, but not vice versa. rules, but not vice versa.
Note that this relaxed mode does not refuse a couple of very questionable Note that this relaxed mode does not refuse a couple of very questionable syntaxes.
syntaxes. For example, it permits a leading or embedded period. A leading period For example, it permits a leading or embedded period.
is problematic because the matching home directory would typically be hidden A leading period is problematic because the matching home directory would typically be hidden
from the user's/administrator's view. An embedded period is problematic since from the user's/administrator's view.
it creates ambiguity in traditional `chown` syntax (which is still accepted An embedded period is problematic since it creates ambiguity in traditional `chown` syntax (which is still accepted
today) that uses it to separate user and group names in the command's today) that uses it to separate user and group names in the command's
parameter: without consulting the user/group databases it is not possible to parameter: without consulting the user/group databases it is not possible to
determine if a `chown` invocation would change just the owning user or both the determine if a `chown` invocation would change just the owning user or both the owning user and group.
owning user and group. It also allows embedding `@` (which is confusing to It also allows embedding `@` (which is confusing to MTAs).
MTAs).
## Common Core ## Common Core