From: jhell
To: kwiat@panic.pl
Cc: freebsd-hackers
Date: Sun, 3 Apr 2011 22:18:41 -0400
Subject: Re: Question about FreeBSD and long usernames
Content-Description: Bad use of vipw(8) and bad counting routines

On Wed, Jan 19, 2011 at 04:04:04PM +0100, Mateusz Kwiatkowski wrote:
> Hi,
>
> I have noticed inconsistent behaviour of some tools while working with
> long usernames.
>

I don't get why you would need or want to work with longer usernames, but
if that is your goal then let's continue below...

> At first, 17 chars username (UT_NAMESIZE is set to 16, MAXLOGNAME to
> 17):
> # pw user add verylongusername
> pwd_mkdb: jira_pawprintgames: username too long
>

The problem here is not ``verylongusername''; that's exactly 16 characters
in the U.S. Not sure where you think the other 2 characters came from.
jira_pawprintgames: is 18 characters long and that is where pw(8) is
bailing out. Utility is working correctly as it should here.

> But it is possible to create such user with vipw:
> # id verylongusername
> uid=1005(verylongusername) gid=1003(users) groups=1003(users)

As stated above you're not adding a very long user name here, but vipw is
exactly of the type (editor) that does not really need to verify what
you're putting into the file and shouldn't... it's editing, and if you have
added a user name that long then it's a failure on the admin's part for
doing so.

>
> We can make use of this account:
> su - verylongusername
> % id
> uid=1005(verylongusername) gid=1003(users) groups=1003(users)

I sure hope so, it's 16 characters long.

>
> # passwd verylongusername
> Changing local password for verylongusername
> New Password:
> Retype New Password:
> #

Same as previous statement.

>
> 18 chars username:
> # id verylongusername1
> uid=1006(verylongusername1) gid=1003(users) groups=1003(users)
>
> # su - verylongusername1
> su: username too long

This is 17 characters, you are now exactly 1 character past the limit and
this is where you start seeing failures and think it is an inconsistency,
though everything before was correct except ``jira_pawprintgames''.

>
> # sudo -u verylongusername1 id
> uid=1006(verylongusername1) gid=1003(users) groups=1003(users)
>

This is not of the base system, though the maintainer may be interested in
a patch that makes this cooperate with the standard maximum length of a
username. It may just be that sudo(1) is just mapping to the UID & GID here
rather than checking length.

> It's possible to change password:
> # passwd verylongusername1
> Changing local password for verylongusername1
> New Password:
> Retype New Password:
> #

It is not passwd's job to determine what it can and cannot set a password
on, so even in this situation if you have managed to vipw(8) and add a user
with astronomical length, it is not the utility's fault, it's PEBKAC.

>
> When trying to login with ssh (17 chars username worked ok):
> Jan 19 14:46:08 xxxx sshd[39050]: setlogin(verylongusername1):
> Invalid argument
>
> Why some tools deny using long usernames, while
> others permit? Should it be corrected?

I do not see a problem at all using a correct length and not trying to
force a username into the passwd by means of vipw(8).

-- 
Regards,
J. Hellenthal
JJH48-ARIN
0x89D8547E
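
The length rule this thread turns on, as a check an admin can run over a passwd(5)-format file (an added example, not part of the original message or of any FreeBSD tool). It assumes the longest usable login is 16 characters, i.e. MAXLOGNAME of 17 less the terminating NUL; long_logins and write_sample are hypothetical names, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: report logins in a passwd(5)-format file that are longer
# than the limit discussed in the thread.
# Assumption: MAXLOGNAME (17) counts the terminating NUL, so the longest
# usable login is 16 characters.
MAX_LOGIN_LEN=16

# long_logins FILE [MAX] -- hypothetical helper name.
# Prints "login length" for every entry whose login exceeds MAX characters.
# Blank lines and "#" comment lines are skipped.
long_logins() {
    awk -F: -v max="${2:-$MAX_LOGIN_LEN}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        length($1) > max { printf "%s %d\n", $1, length($1) }
    ' "$1"
}

# write_sample -- emits a constructed passwd-format sample using the three
# login names from the thread; UIDs, GIDs and paths are made up.
write_sample() {
    cat <<'EOF'
# constructed sample, not a real passwd file
root:*:0:0:Charlie &:/root:/bin/csh
verylongusername:*:1005:1003:16 chars:/home/a:/bin/sh
verylongusername1:*:1006:1003:17 chars:/home/b:/bin/sh
jira_pawprintgames:*:1007:1003:18 chars:/home/c:/bin/sh
EOF
}

# Demo: audit the constructed sample. Point long_logins at /etc/passwd
# (or /etc/master.passwd as root) to audit a real system.
sample=$(mktemp) || exit 1
write_sample > "$sample"
long_logins "$sample"
rm -f "$sample"
```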