From owner-freebsd-doc Tue Jan 28 6:40:23 2003 Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8AB937B401 for ; Tue, 28 Jan 2003 06:40:19 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2478543FB9 for ; Tue, 28 Jan 2003 06:40:09 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h0SEe8NS096259 for ; Tue, 28 Jan 2003 06:40:08 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h0SEe89x096258; Tue, 28 Jan 2003 06:40:08 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7DC037B401 for ; Tue, 28 Jan 2003 06:31:03 -0800 (PST) Received: from relay2.mecon.ar (relay2.mecon.ar [168.101.16.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 42BEA43F75 for ; Tue, 28 Jan 2003 06:31:02 -0800 (PST) (envelope-from fpscha@mecon.gov.ar) Received: from racing.mecon.ar (racing.mecon.ar [168.101.133.15]) by relay2.mecon.ar (8.12.6/8.12.6) with ESMTP id h0SEV0XC000449 for ; Tue, 28 Jan 2003 11:31:00 -0300 (ART) (envelope-from fpscha@mecon.gov.ar) Received: from racing.mecon.ar (meyosp.mecon.gov.ar [10.11.0.149]) by racing.mecon.ar (8.12.6/8.12.6) with ESMTP id h0SEUtQh098458 for ; Tue, 28 Jan 2003 11:30:55 -0300 (ART) (envelope-from fpscha@mecon.gov.ar) Received: from bal740r0.mecon.gov.ar (bal740r0.mecon.ar [10.11.1.11]) by racing.mecon.ar (8.12.6/8.12.6) with ESMTP id h0SEUrGS098451 for ; Tue, 28 Jan 2003 11:30:54 -0300 (ART) (envelope-from fpscha@mecon.gov.ar) Received: from bal740r0.mecon.gov.ar (localhost [127.0.0.1]) by bal740r0.mecon.gov.ar (8.12.6/8.12.6) with ESMTP id h0SEUr52001130 for ; Tue, 28 Jan 2003 11:30:53 -0300 (ART) (envelope-from fpscha@bal740r0.mecon.gov.ar) Received: (from fpscha@localhost) by bal740r0.mecon.gov.ar (8.12.6/8.12.6/Submit) id h0SEUrUF001129; Tue, 28 Jan 2003 11:30:53 -0300 (ART) (envelope-from fpscha) Message-Id: <200301281430.h0SEUrUF001129@bal740r0.mecon.gov.ar> Date: Tue, 28 Jan 2003 11:30:53 -0300 (ART) From: Fernando Schapachnik Reply-To: Fernando Schapachnik To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: docs/47594: [PATH] passwd(5) incorrectly states allowed username and group syntax Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 47594 >Category: docs >Synopsis: [PATH] passwd(5) incorrectly states allowed username and group syntax >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 28 06:40:08 PST 2003 >Closed-Date: >Last-Modified: >Originator: Fernando Schapachnik >Release: FreeBSD 4.7-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD bal740r0.mecon.gov.ar 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #2: Mon Jan 6 15:33:54 ART 2003 root@bal740r0.mecon.gov.ar:/usr/obj/usr/src/sys/BAL740R0 i386 Also -CURRENT. >Description: passwd(5) incorrectly states the allowed syntax. >How-To-Repeat: >Fix: The attached patch (in two flavours, for 4.7-R, and -CURRENT) explicitly lists disallowed chars in the username and group fields. I suggest that a reminder is put in pw/pw_user.c, so that the code in pw_checkname is kept in sync with the man page. Please somebody check the spelling and grammar, as I'm not a native speaker. The patch also accounts for the changes made in 1.53 in response to bin/28773 and bin/46890. Patch for 4.7-R: --- passwd.5.ori Tue Jan 28 10:30:25 2003 +++ passwd.5 Tue Jan 28 11:10:35 2003 @@ -90,8 +90,21 @@ entries, and that one by random selection. .Pp The login name must never begin with a hyphen -.Pq Ql \&- ; -also, it is strongly +.Pq Ql \&- +and should not contain 8-bit characters, neither tab nor spaces, colons +.Pq Ql \&: , +quotes +.Pq Ql \&" , +mathematical and comparison operators +.Pq Ql \&+*-%^<>=# , +parenthesis +.Pq Ql \&() , +and various punctuation and other symbols +.Pq Ql \&,&$!@~?|\/ . +As a special case to help Samba users, the dollar symbol +.Pq Ql \&$ +is allowed as the last character. +Also, it is strongly suggested that neither upper-case characters nor dots .Pq Ql \&. be part @@ -116,6 +129,7 @@ this field indicates the user's primary group. Secondary group memberships are selected in .Pa /etc/group . +Rules for valid group syntax are the same as for usernames. .Pp The .Ar class Patch for -CURRENT: --- /tmp/passwd.5 Tue Jan 28 11:19:35 2003 +++ passwd.5 Tue Jan 28 11:27:14 2003 @@ -114,7 +114,12 @@ that manipulate these files will often return only one of the multiple entries, and that one by random selection. .Pp -The login name must never begin with a hyphen (``-''); also, it is strongly +The login name must never begin with a hyphen (``-'') +and should not contain 8-bit characters, neither tab nor spaces, +quotes (``"''), mathematical and comparison operators (``+*-%^<>=#''), +parenthesis (``()'') and various punctuation and other symbols +(``,&$!@~?|\/''). As a special case to help Samba users, the dollar +symbol (``$'') is allowed as the last character. Also, it is strongly suggested that neither upper-case characters or dots (``.'') be part of the name, as this tends to confuse mailers. No field may contain a colon (``:'') as this has been used historically to separate the fields @@ -133,7 +138,8 @@ The group field is the group that the user will be placed in upon login. Since this system supports multiple groups (see .Xr groups 1 ) -this field currently has little special meaning. +this field currently has little special meaning. Rules for valid group +syntax are the same as for usernames. .Pp The .Ar class >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message