venam
Hello fellow nixers,

This thread is about a conversation we had yesterday on IRC.
I was wondering about usernames on Unix.

I'm just gonna post the monologue I had:

Quote:what if when you install a Unix OS you choose the username "daemon" or "games" or "man"
what happens?
what if you named it ":test:" I guess it'll escape the :
because there are : in the password file
ok, it doesn't allow it, it redirects me to IEEE Std 1003.1-2001
http://standards.ieee.org/findstds/stand...-2001.html
"""
adduser: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
machine accounts $ is also supported at the end of the username
"""
there's a --force-badname
http://pubs.opengroup.org/onlinepubs/969...tag_03_431
I tried '_' as username, same story but different message
it said to follow NAME_REGEX[_SYSTEM] and use --force-badname to allow it
"""
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX[_SYSTEM] configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.
"""
nice
/etc/adduser.conf
it's there
NAME_REGEX="^[a-z][-a-z0-9_]*\$"
/etc/login.defs also has a lot of configuration about users
I discussed that when I talked about sharing a system

What do you think?
I couldn't find the answer to the first question and I didn't try yet.
TheAnachron
venam I did not try yet but I believe that there would be no issue? Why would there be one?
I will link to this answer this is pretty much all I would have said myself:

https://serverfault.com/questions/73084/...264#578264
venam
(09-09-2016, 04:50 AM)TheAnachron Wrote: venam I did not try yet but I believe that there would be no issue? Why would there be one?
There would be an issue to the:
Quote:what if when you install a Unix OS you choose the username "daemon" or "games" or "man"
what happens?
Some applications try to create those users and are only executed with them.
TheAnachron
Can you give me an example application where this username is fix? Because I have not heard of a program yet where I cannot change its daemon/agent username.
venam
(09-09-2016, 04:57 AM)TheAnachron Wrote: Can you give me an example application where this username is fix? Because I have not heard of a program yet where I cannot change its daemon/agent username.
Services and daemon users but also system users.
What about the "bin" and "sys" users.

I'm thinking about what would happen with the package manager upon installation of a daemon that will create a user with a specific name, let's say "postgres".
venam
Ok, I've ran the test and it confirmed my assumptions.

I've created a user called "redis" and then installed the `redis-server` package.
During installation it creates a directory with files /var/run/redis or /run/redis that is owned by the user "redis".
So as the redis user I can now edit those files directly.
The daemon is also run under the same username.
Quote:redis 4121 1 0 08:13 ? 00:00:00 /usr/bin/redis-server /etc/redis/redis.conf

Now, what if someone creates a program and name it "john" and runs the daemon as john and it suddenly gets popular and people install it all over the places.
TheAnachron
Hey venam that's interesting. But it's also quite obvious, no? In the future someone may name is package "alex-backup" and use the user alex for that.

Good programs/packages/libraries make the user customizeable. (using a configfile or env-variable)

One way this could be prevented would be an installation check in the package to install, if the user already exists it should abort. This is again depending on how well the package is made.




Members  |  Stats  |  Night Mode