Univention Bugzilla – Bug 54522
The username must not consist numbers only
Last modified: 2022-03-30 09:47:21 CEST
A customer reported a problem with quota. The usernames are only containing numbers. This problem is not solveable as f.e. chown 1000 test.txt would give the file to the uid 1000. We should clearly state this restriction to usernames in our manual.
I went through the following resources to get an impression of the topic in general: * https://systemd.io/USER_NAMES/#:~:text=On * https://paulgorman.org/technical/presentations/linux_username_conventions.pdf The key findings: 1. The common denominator for different Linux distributions, POSIX and systemd is the regexp ^[a-z][a-z0-9-]{0,30}$. Usernames start with a lower case ASCII letter, can then contain ASCII letters, digits and hyphens (-). A username is a least 1 character and at most 31 characters long. Only lower case letters are allowed. 2. User management tools like chown may have trouble to distinguish usernames from user IDs when the username starts with a digit. See pages 12ff from the linux_username_conventions.pdf above. Conclusion: Add a paragraph with the following recommendation: * Only use lower case ASCII letters, digits and the hyphen for usernames. * The usernames starts with a lower case ASCII letter. * On UCS the username has at least a length of 4 characters and at most 20 characters. Still in clarification for the maximum length of 20 originating from constraints for Samba usernames.
We do use underscores (for the demo school users), dollar signs (for computer accounts) and uppercase letters (Administrator). I agree with the general recommendation but it should be clear that it is just a recommendation and you need to expect usernames that are not following that scheme. Depending on the context it might make sense to warn about group names containing spaces ("Domain Users", etc). While this is only for usernames, I think these group names can be surprising for users after reading our recommendation :)
Created a merge request: https://git.knut.univention.de/univention/ucs/-/merge_requests/304
Besides the username recommendation I also added a section about the recommended form of group names in a similar format. I did not add the information for the computer accounts, because the '$' is added during account creation transparently by UCS. It also only shows up in tools like ldapsearch. Adding a hint to the administrator manual could motivate administrators to add user accounts with a trailing '$' to make a computer account of it, which is not supported. To add computer accounts, the respective module needs to be used. Nevertheless, there is some more detailed information on naming constraints that need to be described. I created bug #54538 for it.
Feedback from QA has been applied and the changes are merged to 5.0-1.
Changes are deployed to docs.univention.de