Adduser devel - Jan 2007 - Bug#408148: adduser: Wrong failure message on invalid group name.

Package: adduser
Version: 3.63
Severity: normal

I can not explain how the following can happen:

root@ampere:/var/lib/cvs# addgroup ''a:a''
addgroup: To avoid problems, the username should consist of
letters, digits, underscores, periods and dashes. For compatibility with
Samba machine accounts $ is also supported at the end of the username
root@ampere:/var/lib/cvs# addgroup ''a_a''
addgroup: Please enter a username matching the regular expression
configured
via the name_regex configuration variable.  Use the `--force-badname''
option to relax this check or reconfigure name_regex.
root@ampere:/var/lib/cvs#

The first message tells me that the second call of addgroup should work,
but it does not. The more strange is that it the error message the
second time is different. And it also mention name_regex that is nowhere
to be found (I did not digged at the source code to find out...). Also,
I could not find any documentation on valid group names. Only at
adduser.conf(5) I found USER_REGEX that configures user names (not group
names).

Hope this helps.

Thank you.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1)

Versions of packages adduser depends on:
ii  debconf                 1.4.30.13        Debian configuration management sy
ii  passwd                  1:4.0.3-31sarge9 change and administer password and
ii  perl-base               5.8.4-8sarge5    The Pathologically Eclectic Rubbis

-- debconf information:
  adduser/homedir-permission: true

On Tue, Jan 23, 2007 at 05:33:07PM -0200, Fabio Pugliese Ornellas
wrote:
> I can not explain how the following can happen:
> 
> root@ampere:/var/lib/cvs# addgroup ''a:a''
> addgroup: To avoid problems, the username should consist of
> letters, digits, underscores, periods and dashes. For compatibility with
> Samba machine accounts $ is also supported at the end of the username
> root@ampere:/var/lib/cvs# addgroup ''a_a''
> addgroup: Please enter a username matching the regular expression
> configured
> via the name_regex configuration variable.  Use the
`--force-badname''
> option to relax this check or reconfigure name_regex.
> root@ampere:/var/lib/cvs#
The code regarding account name validation has been completely
re-worked since the sarge release. I suspect this has been fixed since
then.

A group name with : is unlikely to work in a traditional /etc/group
setup.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

On Tue, Jan 23, 2007 at 05:33:07PM -0200, Fabio Pugliese Ornellas
wrote:
> Package: adduser
> Version: 3.63
> Severity: normal
> 
> I can not explain how the following can happen:
> 
> root@ampere:/var/lib/cvs# addgroup ''a:a''
> addgroup: To avoid problems, the username should consist of
> letters, digits, underscores, periods and dashes. For compatibility with
> Samba machine accounts $ is also supported at the end of the username
> root@ampere:/var/lib/cvs# addgroup ''a_a''
> addgroup: Please enter a username matching the regular expression
> configured
> via the name_regex configuration variable.  Use the
`--force-badname''
> option to relax this check or reconfigure name_regex.
> root@ampere:/var/lib/cvs#
Marc, this anomality still exists:

--------

joerg@hydra ~ $ LANG=C sudo addgroup ''a:a''
addgroup: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start
with
a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
machine accounts $ is also supported at the end of the username
joerg@hydra ~ $ LANG=C sudo addgroup ''a_a''
addgroup: Please enter a username matching the regular expression
configured
via the NAME_REGEX configuration variable.  Use the `--force-badname''
option to relax this check or reconfigure NAME_REGEX.
joerg@hydra ~ $ LANG=C sudo addgroup --version
adduser version 3.102

Adds a user or group to the system.

-----

Joerg

-- 
What did you do to the cat? It looks half-dead. -Schroedinger''s wife
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070123/dda51143/attachment.pgp

This one time, at band camp, Joerg Hoh said:
> Marc, this anomality still exists:
> 
> --------
> 
> joerg@hydra ~ $ LANG=C sudo addgroup ''a:a''
> addgroup: To avoid problems, the username should consist only of
> letters, digits, underscores, periods, at signs and dashes, and not start
> with
> a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
> machine accounts $ is also supported at the end of the username
> joerg@hydra ~ $ LANG=C sudo addgroup ''a_a''
> addgroup: Please enter a username matching the regular expression
> configured
> via the NAME_REGEX configuration variable.  Use the
`--force-badname''
> option to relax this check or reconfigure NAME_REGEX.
The first one (a:a) _should_ fail, at least for now.  /etc/passwd style
files just won''t cope with a user or group name with a : in them.  LDAP
or other backends will be more graceful, and when adduser supports
seperate backends, we can consider it.

The second one fails because of this:
steve@gashuffer:~$ grep name_regex AdduserCommon.pm
  $configref->{"name_regex"} = "^[a-z][-a-z0-9]*\$";

I am not convinced yet that this is wrong behavior.  Adduser seems to
have two failure modes: we will not allow this (a:a), and we will not
allow this without --force-badname (a_a).  I am not convinced that a_a
is that bad a username, but the seperate handling is appropriate, and
should only be changed after some discussion.  My personal inclination
is to add an underscore to the list of characters allowed in the second
block of the regex (i.e., not the first character of the name), but I
don''t have a strong opinion on the matter.
-- 
 -----------------------------------------------------------------
|   ,''''`.                                            Stephen
Gran |
|  : :'' :                                        sgran@debian.org |
|  `. `''                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070124/5ad430af/attachment.pgp

On Dienstag 23 Januar 2007, you wrote:
> Package: adduser
> Version: 3.63
> Severity: normal
>
> I can not explain how the following can happen:
>
> root at ampere:/var/lib/cvs# addgroup ''a:a''
> addgroup: To avoid problems, the username should consist of
> letters, digits, underscores, periods and dashes. For compatibility with
> Samba machine accounts $ is also supported at the end of the username
> root at ampere:/var/lib/cvs# addgroup ''a_a''
> addgroup: Please enter a username matching the regular expression
> configured
> via the name_regex configuration variable.  Use the
`--force-badname''
> option to relax this check or reconfigure name_regex.
> root at ampere:/var/lib/cvs#
>
> The first message tells me that the second call of addgroup should work,
> but it does not. The more strange is that it the error message the
> second time is different. And it also mention name_regex that is nowhere
> to be found (I did not digged at the source code to find out...). Also,
> I could not find any documentation on valid group names. Only at
> adduser.conf(5) I found USER_REGEX that configures user names (not group
> names).
This is rather simple:

addgroup ''a:a'' is rejected by a hardcoded regex in adduser;
this regular
expression enforces the conformity to IEEE Std 1003.1-2001; this regular 
expression rejects the ":".

addgroup ''a_a'' is accepted the above mentioned regular
expression but rejected
by the expression "name_regex" (because of the "_"
character) which can be
customized in /etc/adduser.conf (NAME_REGEX, see man 5 adduser.conf).

I documented in adduser.conf (5) that NAME_REGEX also applies to group names 
and added the commented out default value to adduser.conf.  Also added a 
paragraph to the manpage describing what a valid name is.

J?rg

-- 
What did you do to the cat? It looks half-dead. -Schroedinger''s wife
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url :
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070627/1d908b19/attachment.pgp

Your message dated Mon, 09 Jul 2007 23:17:02 +0000
with message-id <E1I82TW-0003Uj-Kd at ries.debian.org>
and subject line Bug#408148: fixed in adduser 3.104
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-------------- next part --------------
An embedded message was scrubbed...
From: Fabio Pugliese Ornellas <fabio.ornellas at gmail.com>
Subject: adduser: Wrong failure message on invalid group name.
Date: Tue, 23 Jan 2007 17:33:07 -0200
Size: 2856
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070709/21c57e4c/attachment-0002.eml
-------------- next part --------------
An embedded message was scrubbed...
From: Stephen Gran <sgran at debian.org>
Subject: Bug#408148: fixed in adduser 3.104
Date: Mon, 09 Jul 2007 23:17:02 +0000
Size: 4739
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070709/21c57e4c/attachment-0003.eml