Fabio Pugliese Ornellas
2007-Jan-23 20:56 UTC
Bug#408148: adduser: Wrong failure message on invalid group name.
Package: adduser Version: 3.63 Severity: normal I can not explain how the following can happen: root@ampere:/var/lib/cvs# addgroup ''a:a'' addgroup: To avoid problems, the username should consist of letters, digits, underscores, periods and dashes. For compatibility with Samba machine accounts $ is also supported at the end of the username root@ampere:/var/lib/cvs# addgroup ''a_a'' addgroup: Please enter a username matching the regular expression configured via the name_regex configuration variable. Use the `--force-badname'' option to relax this check or reconfigure name_regex. root@ampere:/var/lib/cvs# The first message tells me that the second call of addgroup should work, but it does not. The more strange is that it the error message the second time is different. And it also mention name_regex that is nowhere to be found (I did not digged at the source code to find out...). Also, I could not find any documentation on valid group names. Only at adduser.conf(5) I found USER_REGEX that configures user names (not group names). Hope this helps. Thank you. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-686 Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1) Versions of packages adduser depends on: ii debconf 1.4.30.13 Debian configuration management sy ii passwd 1:4.0.3-31sarge9 change and administer password and ii perl-base 5.8.4-8sarge5 The Pathologically Eclectic Rubbis -- debconf information: adduser/homedir-permission: true
Marc Haber
2007-Jan-23 22:29 UTC
Bug#408148: [Adduser-devel] Bug#408148: adduser: Wrong failure message on invalid group name.
On Tue, Jan 23, 2007 at 05:33:07PM -0200, Fabio Pugliese Ornellas wrote:> I can not explain how the following can happen: > > root@ampere:/var/lib/cvs# addgroup ''a:a'' > addgroup: To avoid problems, the username should consist of > letters, digits, underscores, periods and dashes. For compatibility with > Samba machine accounts $ is also supported at the end of the username > root@ampere:/var/lib/cvs# addgroup ''a_a'' > addgroup: Please enter a username matching the regular expression > configured > via the name_regex configuration variable. Use the `--force-badname'' > option to relax this check or reconfigure name_regex. > root@ampere:/var/lib/cvs#The code regarding account name validation has been completely re-worked since the sarge release. I suspect this has been fixed since then. A group name with : is unlikely to work in a traditional /etc/group setup. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Joerg Hoh
2007-Jan-23 23:05 UTC
Bug#408148: [Adduser-devel] Bug#408148: adduser: Wrong failure message on invalid group name.
On Tue, Jan 23, 2007 at 05:33:07PM -0200, Fabio Pugliese Ornellas wrote:> Package: adduser > Version: 3.63 > Severity: normal > > I can not explain how the following can happen: > > root@ampere:/var/lib/cvs# addgroup ''a:a'' > addgroup: To avoid problems, the username should consist of > letters, digits, underscores, periods and dashes. For compatibility with > Samba machine accounts $ is also supported at the end of the username > root@ampere:/var/lib/cvs# addgroup ''a_a'' > addgroup: Please enter a username matching the regular expression > configured > via the name_regex configuration variable. Use the `--force-badname'' > option to relax this check or reconfigure name_regex. > root@ampere:/var/lib/cvs#Marc, this anomality still exists: -------- joerg@hydra ~ $ LANG=C sudo addgroup ''a:a'' addgroup: To avoid problems, the username should consist only of letters, digits, underscores, periods, at signs and dashes, and not start with a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba machine accounts $ is also supported at the end of the username joerg@hydra ~ $ LANG=C sudo addgroup ''a_a'' addgroup: Please enter a username matching the regular expression configured via the NAME_REGEX configuration variable. Use the `--force-badname'' option to relax this check or reconfigure NAME_REGEX. joerg@hydra ~ $ LANG=C sudo addgroup --version adduser version 3.102 Adds a user or group to the system. ----- Joerg -- What did you do to the cat? It looks half-dead. -Schroedinger''s wife -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070123/dda51143/attachment.pgp
Stephen Gran
2007-Jan-24 03:03 UTC
Bug#408148: [Adduser-devel] Bug#408148: adduser: Wrong failure message on invalid group name.
This one time, at band camp, Joerg Hoh said:> Marc, this anomality still exists: > > -------- > > joerg@hydra ~ $ LANG=C sudo addgroup ''a:a'' > addgroup: To avoid problems, the username should consist only of > letters, digits, underscores, periods, at signs and dashes, and not start > with > a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba > machine accounts $ is also supported at the end of the username > joerg@hydra ~ $ LANG=C sudo addgroup ''a_a'' > addgroup: Please enter a username matching the regular expression > configured > via the NAME_REGEX configuration variable. Use the `--force-badname'' > option to relax this check or reconfigure NAME_REGEX.The first one (a:a) _should_ fail, at least for now. /etc/passwd style files just won''t cope with a user or group name with a : in them. LDAP or other backends will be more graceful, and when adduser supports seperate backends, we can consider it. The second one fails because of this: steve@gashuffer:~$ grep name_regex AdduserCommon.pm $configref->{"name_regex"} = "^[a-z][-a-z0-9]*\$"; I am not convinced yet that this is wrong behavior. Adduser seems to have two failure modes: we will not allow this (a:a), and we will not allow this without --force-badname (a_a). I am not convinced that a_a is that bad a username, but the seperate handling is appropriate, and should only be changed after some discussion. My personal inclination is to add an underscore to the list of characters allowed in the second block of the regex (i.e., not the first character of the name), but I don''t have a strong opinion on the matter. -- ----------------------------------------------------------------- | ,''''`. Stephen Gran | | : :'' : sgran@debian.org | | `. `'' Debian user, admin, and developer | | `- http://www.debian.org | ----------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070124/5ad430af/attachment.pgp
Joerg Hoh
2007-Jun-27 21:24 UTC
[Adduser-devel] Bug#408148: adduser: Wrong failure message on invalid group name.
On Dienstag 23 Januar 2007, you wrote:> Package: adduser > Version: 3.63 > Severity: normal > > I can not explain how the following can happen: > > root at ampere:/var/lib/cvs# addgroup ''a:a'' > addgroup: To avoid problems, the username should consist of > letters, digits, underscores, periods and dashes. For compatibility with > Samba machine accounts $ is also supported at the end of the username > root at ampere:/var/lib/cvs# addgroup ''a_a'' > addgroup: Please enter a username matching the regular expression > configured > via the name_regex configuration variable. Use the `--force-badname'' > option to relax this check or reconfigure name_regex. > root at ampere:/var/lib/cvs# > > The first message tells me that the second call of addgroup should work, > but it does not. The more strange is that it the error message the > second time is different. And it also mention name_regex that is nowhere > to be found (I did not digged at the source code to find out...). Also, > I could not find any documentation on valid group names. Only at > adduser.conf(5) I found USER_REGEX that configures user names (not group > names).This is rather simple: addgroup ''a:a'' is rejected by a hardcoded regex in adduser; this regular expression enforces the conformity to IEEE Std 1003.1-2001; this regular expression rejects the ":". addgroup ''a_a'' is accepted the above mentioned regular expression but rejected by the expression "name_regex" (because of the "_" character) which can be customized in /etc/adduser.conf (NAME_REGEX, see man 5 adduser.conf). I documented in adduser.conf (5) that NAME_REGEX also applies to group names and added the commented out default value to adduser.conf. Also added a paragraph to the manpage describing what a valid name is. J?rg -- What did you do to the cat? It looks half-dead. -Schroedinger''s wife -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070627/1d908b19/attachment.pgp
Debian Bug Tracking System
2007-Jul-09 23:21 UTC
[Adduser-devel] Bug#408148: marked as done (adduser: Wrong failure message on invalid group name.)
Your message dated Mon, 09 Jul 2007 23:17:02 +0000 with message-id <E1I82TW-0003Uj-Kd at ries.debian.org> and subject line Bug#408148: fixed in adduser 3.104 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------- next part -------------- An embedded message was scrubbed... From: Fabio Pugliese Ornellas <fabio.ornellas at gmail.com> Subject: adduser: Wrong failure message on invalid group name. Date: Tue, 23 Jan 2007 17:33:07 -0200 Size: 2856 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070709/21c57e4c/attachment-0002.eml -------------- next part -------------- An embedded message was scrubbed... From: Stephen Gran <sgran at debian.org> Subject: Bug#408148: fixed in adduser 3.104 Date: Mon, 09 Jul 2007 23:17:02 +0000 Size: 4739 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070709/21c57e4c/attachment-0003.eml