Hello,

When prompted for the login of the first user, a check is performed to ensure it is valid.
However, the character '_' (underscore) is rejected.
Is it thinkable to have it accepted?

reassign 521883 adduser
retitle 521883 Should accept underscores in usernames by default
thanks

Quoting Christophe (christophe.curis@free.fr):


Underscores are not accepted by default by the "adduser" command in
Debian (adduser is a high level command to create users, that's built
on top of the standard useradd commant from the passwd package.

The installer team decided to stick with the default behaviour of
adduser. If an underscore is acceptable, then accepting it should be
implemented in adduser before the installer accepts it.

I reassign this bug to adduser but I think this has been debated many
times already....I just prefer leaving the answer to adduser
maintainers

Hi!

I've implemented a new SYS_NAME_REGEX so that at least system names
can accept _-prefixed values. This is the standard used on various
BSDs, it is vendor neutral (not just a Debianism), and it is short
causing way less display problems.

I don't think accepting _-prefixed names for normal users would be
wise, as that would remove the namespaced disctinction.

Having this in the archive would allow us to promote these system
names, and use them w/o needing the --force-badname option!

Thanks,
Guillem

Hello and apologies for the delay,

على الأحد 23 تشرين الأول 2016 ‫06:52، كتب Guillem Jover:
[...]

This is somewhat similar to #432562. The difference, as I see it, is
capital letters + compatibility with Ubuntu versus underscores +
compatibility with BSDs. I don't see that any of the breakage concerns
originally raised in #432562 apply to this suggestion.

I am also in favor of reducing unnecessary incompatibilities that can
cause confusion. People of #432562, do you have any comments?

regards
Afif

Hi!

Well using _-prefix is vendor neutral, and shorter so in addition
causes less display issues.

At least Ian seemed to retract his previous support for Debian-style
names in <https://lists.debian.org/debian-devel/2016/10/msg00577.html>,
but I'll let him confirm this.

I also think allowing Debian-style names by default would be a bad
idea, and I'm glad that bug is marked as wontfix. ;)

(You might also like to check the thread starting at
<https://lists.debian.org/debian-devel/2016/10/msg00546.html>.)

Thanks,
Guillem

على الخميس 24 تشرين الثاني 2016 ‫16:30، كتب Guillem Jover:

I thought that bug report was simply about using a capital letter
prefix, not necessarily [dD]ebian-* (especially since it was an
Ubuntu-proposed change). Anyway...

Many thanks for these links. I've read through all of them, as well as
the much older threads and tickets that were linked from these discussions.

Since considering underscore-prefixed names as a valid format for system
user accounts does not necessarily mandate its use, I have no problem
accepting this. The campaign for making it the resolution of #248809 is
another matter.

Thanks and regards
Afif

Control: severity -1 wishlist
thanks

For the time being, it is going to stay wontfix, especially since
Debian's policy has been amended to recommend the underscore notation
for package-related system accounts. I am adjusting the severity
accordingly.

To allow upper case names for normal user accounts, I am still opposed
to doing this in Debian. I will consider advice from the TC should
somebody want to ask them.

Greetings
Marc

Control: severity -1 important
thanks

Since we discussed this for the last time, Debian policy was amended to
recommend _username for newly created system accounts. This clearly
means that adduser should accept prefixed underscores for system
accounts.

In my opinion, this automatically means that normal user accounts should
not have an underscore prefix, this is especially valid for accounts
created from d-i. The local admin is of course free to ask for trouble
with adduser --force-badname, but the installer should not allow this.

The original intent of this bug report was to allow the installer to
create underscore-prefixed user accounts. For this case, my resolution
is "wontfix", but we should change the behavior for adduser --system.

I am also willing to have this bug report closed with the adduser
--system modification after so many years. If the original submitter
does still care they're invited to file a new bug.

Greetings
Marc

Control: severity -1 important
thanks

Since we discussed this for the last time, Debian policy was amended to
recommend _username for newly created system accounts. This clearly
means that adduser should accept prefixed underscores for system
accounts.

In my opinion, this automatically means that normal user accounts should
not have an underscore prefix, this is especially valid for accounts
created from d-i. The local admin is of course free to ask for trouble
with adduser --force-badname, but the installer should not allow this.

The original intent of this bug report was to allow the installer to
create underscore-prefixed user accounts. For this case, my resolution
is "wontfix", but we should change the behavior for adduser --system.

I am also willing to have this bug report closed with the adduser
--system modification after so many years. If the original submitter
does still care they're invited to file a new bug.

Greetings
Marc

Control: retitle -1 Have different regexps for system and user account names
thanks

I think we should eventually accept this patch and then change the
default regexps according to the discussion we had in policy and
debian-devel in March 2022.

The rest of this message is communication internal to the adduser team
and sent to the other participants of this bug as information.

Adduser should check system and user account names against different
regular expressions. Currently, we just have NAME_REGEX. The system
account should be matched against a new expression called
SYS_NAME_REGEX, configurable in adduser.conf just as NAME_REGEX.
Guillem's patch seems to correctly do that.

The command line option --force-badname should switch off both checks.
Guillem's patch seems to correctly do that

The default for SYS_NAME_REGEX should be [_[:lower:]][-_[:lower:][:digit:]]*

Document (README.adduser-for-packages, adduser(8)) that --force-badname
is no longer needed for policy compliant system user names. Document
SYS_NAME_REGEX in adduser(8), but not in config file. Document
(README.adduser-for-packages, adduser(8)) that changing SYS_NAME_REGEX
to something more restrictive might make packages break. If you don't
feel like doing that documentation, just leave it out and I'll
contribute the wording.

For a user account, the default should be
[[:lower:][:upper:]][-_[:lower:][:upper:][:digit:]]* Document
(adduser(8)) that dots are deliberately not allowed and that local
administrators are invited to add dots to the regexp and to file bugs
against packages that still break while using dot notation in chown. If
you don't feel like doing that documentation, just leave it out and I'll
contribute the wording.

Also document that --force-badname is no longer needed for user names beginning with underscore.

Guillem's patch also adds some more functionality to the configuration
file parser and the internal format. Please check whether this matches
what we intend to do.

Greetings
Marc

Control: retitle -1 Have different regexps for system and user account names
thanks

I think we should eventually accept this patch and then change the
default regexps according to the discussion we had in policy and
debian-devel in March 2022.

The rest of this message is communication internal to the adduser team
and sent to the other participants of this bug as information.

Adduser should check system and user account names against different
regular expressions. Currently, we just have NAME_REGEX. The system
account should be matched against a new expression called
SYS_NAME_REGEX, configurable in adduser.conf just as NAME_REGEX.
Guillem's patch seems to correctly do that.

The command line option --force-badname should switch off both checks.
Guillem's patch seems to correctly do that

The default for SYS_NAME_REGEX should be [_[:lower:]][-_[:lower:][:digit:]]*

Document (README.adduser-for-packages, adduser(8)) that --force-badname
is no longer needed for policy compliant system user names. Document
SYS_NAME_REGEX in adduser(8), but not in config file. Document
(README.adduser-for-packages, adduser(8)) that changing SYS_NAME_REGEX
to something more restrictive might make packages break. If you don't
feel like doing that documentation, just leave it out and I'll
contribute the wording.

For a user account, the default should be
[[:lower:][:upper:]][-_[:lower:][:upper:][:digit:]]* Document
(adduser(8)) that dots are deliberately not allowed and that local
administrators are invited to add dots to the regexp and to file bugs
against packages that still break while using dot notation in chown. If
you don't feel like doing that documentation, just leave it out and I'll
contribute the wording.

Also document that --force-badname is no longer needed for user names beginning with underscore.

Guillem's patch also adds some more functionality to the configuration
file parser and the internal format. Please check whether this matches
what we intend to do.

Greetings
Marc

I apologize for botching up the first instance of this message. The
following is identical to message #64 and quoted for completeness.

I think we should eventually accept this patch and then change the
default regexps according to the discussion we had in policy and
debian-devel in March 2022.

The rest of this message is communication internal to the adduser team
and sent to the other participants of this bug as information.

Adduser should check system and user account names against different
regular expressions. Currently, we just have NAME_REGEX. The system
account should be matched against a new expression called
SYS_NAME_REGEX, configurable in adduser.conf just as NAME_REGEX.
Guillem's patch seems to correctly do that.

The command line option --force-badname should switch off both checks.
Guillem's patch seems to correctly do that

The default for SYS_NAME_REGEX should be [_[:lower:]][-_[:lower:][:digit:]]*

Document (README.adduser-for-packages, adduser(8)) that --force-badname
is no longer needed for policy compliant system user names. Document
SYS_NAME_REGEX in adduser(8), but not in config file. Document
(README.adduser-for-packages, adduser(8)) that changing SYS_NAME_REGEX
to something more restrictive might make packages break. If you don't
feel like doing that documentation, just leave it out and I'll
contribute the wording.

For a user account, the default should be
[[:lower:][:upper:]][-_[:lower:][:upper:][:digit:]]* Document
(adduser(8)) that dots are deliberately not allowed and that local
administrators are invited to add dots to the regexp and to file bugs
against packages that still break while using dot notation in chown. If
you don't feel like doing that documentation, just leave it out and I'll
contribute the wording.

Also document that --force-badname is no longer needed for user names beginning with underscore.

Guillem's patch also adds some more functionality to the configuration
file parser and the internal format. Please check whether this matches
what we intend to do.

Greetings
Marc

I apologize for botching up the first instance of this message. The
following is identical to message #64 and quoted for completeness.

I think we should eventually accept this patch and then change the
default regexps according to the discussion we had in policy and
debian-devel in March 2022.

The rest of this message is communication internal to the adduser team
and sent to the other participants of this bug as information.

Adduser should check system and user account names against different
regular expressions. Currently, we just have NAME_REGEX. The system
account should be matched against a new expression called
SYS_NAME_REGEX, configurable in adduser.conf just as NAME_REGEX.
Guillem's patch seems to correctly do that.

The command line option --force-badname should switch off both checks.
Guillem's patch seems to correctly do that

The default for SYS_NAME_REGEX should be [_[:lower:]][-_[:lower:][:digit:]]*

Document (README.adduser-for-packages, adduser(8)) that --force-badname
is no longer needed for policy compliant system user names. Document
SYS_NAME_REGEX in adduser(8), but not in config file. Document
(README.adduser-for-packages, adduser(8)) that changing SYS_NAME_REGEX
to something more restrictive might make packages break. If you don't
feel like doing that documentation, just leave it out and I'll
contribute the wording.

For a user account, the default should be
[[:lower:][:upper:]][-_[:lower:][:upper:][:digit:]]* Document
(adduser(8)) that dots are deliberately not allowed and that local
administrators are invited to add dots to the regexp and to file bugs
against packages that still break while using dot notation in chown. If
you don't feel like doing that documentation, just leave it out and I'll
contribute the wording.

Also document that --force-badname is no longer needed for user names beginning with underscore.

Guillem's patch also adds some more functionality to the configuration
file parser and the internal format. Please check whether this matches
what we intend to do.

Greetings
Marc

Hello,

Bug #521883 in adduser reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/adduser/-/commit/cf2b488599743b2900155745267da0e4b2a1e3de
------------------------------------------------------------------------
Implement SYS_NAME_REGEX.

Closes: #521883
Closes: #432562
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/521883

We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521883@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Wed, 13 Jul 2022 20:30:00 +0200
Source: adduser
Architecture: source
Version: 3.122
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <adduser@packages.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Closes: 202943 239825 398793 432562 520037 521883 588872 643559 664869 675804 679746 685532 701110 723572 774046 849265 874560 891748 896916 908997 920739 923059 925511 926262 969217 977678 979385 983405 992163 1001863 1006897 1006941 1006975 1007785 1008081 1008091 1014395 1014448
Changes:
 adduser (3.122) unstable; urgency=low
 .
   [ Marc Haber ]
   * improve package description.
   * Standards-Version: 4.6.1 (no changes necessary)
   * clean out EXTRA_GROUPS to only contain users.
     Thanks to Daniel Keast. (Closes: #849265)
   * add SECURITY section to manual pages.
   * add test for backups of home directory.
   * improve and update lintian overrides.
   * Formatting changes to manual pages.
     Thanks to Markus Hiereth. (Closes: #874560)
   * fix some typos in manual pages.
   * set VERBOSE and DEBUG envvars in deluser as well. (Closes: #1006897)
   * add documentation about adduser being a policy layer. (Closes: #1007785)
   * try to clarify system account terminology (policy vs system).
     (Closes: #1006975)
   * Document that only adduser --system is idempotent. (Closes: #723572)
   * error out for two-argument addgroup.
     Thanks to Mike Dornberger. (Closes: #664869)
   * make --add_extra_groups into --add-extra-groups. (Closes: #1014395)
   * --force-badname is now --allow-badname. (Closes: #1014448)
   * update turkish debconf translation.
     Thanks to Atila KOÇ. (Closes: #908997)
   * Update Russian debconf translation.
     Thanks to Lev Lamberov. (Closes: #920739)
   * Update Danish debconf translation (Closes: #923059)
   * Update Italian debconf translation.
     Thanks to Luca Monducci. (Closes: #969217)
   * Update German man page translation.
     Thanks to Helge Kreutzmann. (Closes: #977678)
   * Update European Portuguese translation of man page.
     Thanks to Américo Monteiro. (Closes: #925511)
   * disable translated manpages, none left for the time being.
   * deprecate planned directory service support.
   * Add docs about adduser.local being the place to interact with DS,
   * Some improvements to autopkgtests.
 .
   [ Matt Barry ]
   * System account home dir defaults to /nonexistent. (Closes: #679746)
   * do not accept all-numeric user names. (Closes: #891748)
   * prompts need y/n/empty(default).
   * Implement SYS_DIR_MODE. (Closes: #1008081, #202943, #398793)
   * Implement SYS_NAME_REGEX. (Closes: #521883, #432562)
   * Deprecate SETGID_HOME.
     Add NEWS/TODO items. (Closes: #643559, #979385, #1008091, #643559)
   * Fix ignored files for --remove-all-files.
     (Closes: #1001863, #588872, #926262, #992163)
   * Redefines the default NO_DEL_PATHS to avoid unnecessary
     scanning.
   * Change deluser_files test to use gzip.
   * Fix deletion of sockets/pipes. (Closes: #685532)
   * Simplify checkname sub.  (Closes: #1006941)
   * Adds support for lock files. (Closes: #983405)
   * Username validity testing framework.
   * Add --allow-all-names to bypass --force-badname.
     (Closes: #520037, #774046)
   * use warnf instead of printf in some places. (Closes: #675804)
   * Support tar --auto-compress for backups. (Closes: #896916)
   * Many improvements to autopkgtests. (Closes: 239825)
 .
   [ Jason Franklin ]
   * Allow for cloned-UID users in group member lists.
     Thanks to Daniel Heimann. (Closes: #701110)
Checksums-Sha1:
 5cbcec9f80e5c73198307edb7040c5c12bb35d3f 1683 adduser_3.122.dsc
 ccf7c4e3efec29257e3b484bb53c2a55d69e0455 230224 adduser_3.122.tar.xz
 27c0ec7f2d7048ddfd7f89dc33012bef7a8e5866 5697 adduser_3.122_source.buildinfo
Checksums-Sha256:
 584ed616d8ac705daffc96564ef45fb34f2eb9663f7348013adea0e4539a869c 1683 adduser_3.122.dsc
 5f093054c0f0c90c313d704f7af6d338f334df793942fafd43e5a8e6c63236c4 230224 adduser_3.122.tar.xz
 7f92d3de2b5ea8da31088424a2043831dedc8aab8f60158e37455cb3a350d63e 5697 adduser_3.122_source.buildinfo
Files:
 0c7d4c5bcd648b829bcaa58101fecbb7 1683 admin important adduser_3.122.dsc
 1da1b75966877f902c4b6d0d5f105609 230224 admin important adduser_3.122.tar.xz
 ab9602ba5d83a6de88ab29bb2e76d961 5697 admin important adduser_3.122_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmLPEWMACgkQj3cgEwEy
BELCfhAAujNsWZNpvvi2vpDICGMPprz7MooXq5B4fe6fR6nR5Pizh+0E9Skh7NVl
Z5qJvIzcNcva+/TYkml0wO77H1fPefQ+sgxCHmtUTBwK9LZPdh0b6MrWK7hWnhk0
QI/mRMKoNUrMSpVz6suvetUrHvVymWBv/hsQHTt5uSOAB/Wqwbfdt0VFYgQ2i+Yd
Vtr1+U4yjPZ+j9kAFg7HYnVc2Jh8J07ipRrSRnC07AB3wvwcunUiv2fOzJi4S51S
9n/LllsXNS4629siVKDspKOtaak3dpXRPLHFgB+hPlZRhdCCKWoto9TrY1e3XY8N
zZRSYVULaH9OkuIFx6yoUuChhDmteyZ+C0TJlv+qaigf34/qaqF15pu4ee5ZlmuT
SYHI2vcYQ0yXJ92U2U56hYvlzFZufyopWUQkALKwGEzq13LMlMtTJhKypl2PnwzF
jL/n0r0P92kSUd0BAFuzsdp3PPkQoTG9hSTf5BQAXN9JR1dYkIjc95si8KKZ+FD+
Gda+o46EUo3tLgAYGxStxoPsgNb8n2mePrFB5cXERL84uimeVNMg4Hnmt8+cqnYw
jbdDxODIBNsgoCYEqqTe2NOyBQv5gPb0PXYekiHNFRH70sTJDPIjQkrnrYQX73xZ
W5ap2XFEMpqGrFa8VyUwRl15/MAg5Ds0bRi7GzlGPKIKKK8PFFI=
=6vgg
-----END PGP SIGNATURE-----