[Bug 1927078] Re: Don't allow useradd to use fully numeric names

Victor Tapia 1927078 at bugs.launchpad.net
Tue May 4 15:24:03 UTC 2021


I don't have a strong opinion either, but given that scripts would
ignore the warnings and the resulting numeric users are going to face
random, seemingly unrelated issues thanks to the interaction with
systemd, I think I prefer the failure.

FWIW, I've prepared a test version in a PPA[1] which keeps the rules
from Debian[2] but prevents the fully numeric names. This is what it
looks like:

$ useradd 0
useradd: invalid user name '0'

$ echo $?
3

$ sudo useradd 0c0

$ sudo useradd 0 --badnames

$ cat /etc/passwd | grep ^0
0c0:x:1001:1001::/home/0c0:/bin/sh
0:x:1002:1002::/home/0:/bin/sh



[1] https://launchpad.net/~vtapia/+archive/ubuntu/sf305373
[2] https://salsa.debian.org/debian/shadow/-/blob/master/debian/patches/506_relaxed_usernames

https://bugs.launchpad.net/bugs/1927078

Title:
  Don't allow useradd to use fully numeric names

Status in shadow package in Ubuntu:
  New
Status in shadow source package in Focal:
  New
Status in shadow source package in Groovy:
  New
Status in shadow source package in Hirsute:
  New
Status in shadow source package in Impish:
  New

Bug description:
  [Description]

  Fully numeric name support in Ubuntu is inconsistent from Focal onwards
  because systemd does not like them[1] but they are still allowed by
  default by useradd, leaving the session behavior in the hands of the
  running applications. Two examples:

  1. After creating a user named "0", the user can log in via ssh or
  console but loginctl won't create a session for it:

  root@focal:/home/ubuntu# useradd -m 0
  root@focal:/home/ubuntu# id 0
  uid=1005(0) gid=1005(0) groups=1005(0)

  ..

  0@192.168.122.6's password:
  Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.8.0-48-generic x86_64)

  Last login: Thu Apr  8 16:17:06 2021 from 192.168.122.1
  $ loginctl
  No sessions.
  $ w
   16:20:09 up 4 min,  1 user,  load average: 0.03, 0.14, 0.08
  USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
  0        pts/0    192.168.122.1    16:17    0.00s  0.00s  0.00s w  

  And pam-systemd shows the following message:

  Apr 08 16:17:06 focal sshd[1584]: pam_unix(sshd:session): session opened for user 0 by (uid=0)
  Apr 08 16:17:06 focal sshd[1584]: pam_systemd(sshd:session): pam-systemd initializing
  Apr 08 16:17:06 focal sshd[1584]: pam_systemd(sshd:session): Failed to get user record: Invalid argument

  
  2. With that same username, every successful authentication in gdm will loop back to gdm again instead of starting gnome, making the user unable to log in.

  
  Making useradd fail (unless --badnames is set) when a fully numeric name is used will make the default OS behavior consistent.

  
  [Other info]

  - Upstream does not support fully numeric usernames
  - useradd has a --badnames parameter that would still allow the use of these types of names
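
An audit for hosts that may already carry such accounts, as an added example that is not part of the original message or of the shadow package: it lists fully numeric login names in a passwd-format file and marks those that equal the UID of another entry. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for fully numeric login names.

# Constructed sample data, modelled on the accounts shown in the message.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000::/home/ubuntu:/bin/bash
0c0:x:1001:1001::/home/0c0:/bin/sh
0:x:1002:1002::/home/0:/bin/sh
2021:x:1003:1003::/home/2021:/bin/sh
EOF
}

# Print "name uid note" for each entry whose login name is digits only.
# note is "uid-collision" when the name, read as a number, is the UID of a
# different entry (a bare number is then ambiguous between name and UID),
# otherwise "numeric-only". Reads the file given as $1, or stdin if omitted.
find_numeric_users() {
    awk -F: '
        # Remember every well-formed entry and which name owns each UID.
        NF >= 3 && $3 ~ /^[0-9]+$/ {
            uid_owner[$3 + 0] = $1
            names[++n] = $1
            uids[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                if (names[i] !~ /^[0-9]+$/) continue   # 0c0 is not fully numeric
                key = names[i] + 0                       # "007" would match UID 7
                note = "numeric-only"
                # Append "" to force a string comparison of the two names.
                if ((key in uid_owner) && (uid_owner[key] "") != (names[i] ""))
                    note = "uid-collision"
                print names[i], uids[i], note
            }
        }
    ' "${1:--}"
}

# Demo on the constructed sample; on a real host pass /etc/passwd instead.
sample_passwd | find_numeric_users
```

Mixed names such as 0c0 are not reported, matching the behaviour of the test build shown above, which rejects only fully numeric names.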
