[wellylug] Usernames with a '.'
Jim Cheetham
jim at gonzul.net
Wed Jan 18 21:00:53 NZDT 2006
On Wed, Jan 18, 2006 at 08:32:07PM +1300, Ian Beardslee wrote:
> > On 1/18/06, pmilne wrote:
> > > I seem to remember that such user names are 'deprecated' as leaving a
> > > security hole in some circumstances.
>
> Hmm, so why is it a risk? how does the '.' get in the way of things? Wierd!
Well, some versions of chown allow the syntax "user.group", which would
be utterly confused by dots in the username ... you'd get an error every
time you tried to chown a file :-)
I thought that perhaps POSIX strictly defined usernames as alphanumeric,
which would possibly exclude the '.' character - but from what I can see
from IEEE Std 1003.1-2001, "the value is composed of characters from the
portable filename character set. The hyphen should not be used as the
first character of a portable user name.". The portable filename
character set is :-
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -
-jim
More information about the wellylug
mailing list