Incorrect username validation #8
Comments
|
Default regex Allows It may have some unforseen consequences I think having strictly lower case alphanumeric usernames, and leaving the Fancy Stuff to gecos fullname I may be wrong if I am I will happily implement it |
|
So as far as I can see online
All ignore The name regex As they are apparently really volatile, and cause and Unprofessionally written scripts to break |
This is wrong. Those regexes only allow -_. and alphanumeric (also can't start with a .). If they are allowing any more then our config to set those regexes are incorrect and none standard. We should be allowing whatever adduser allows, it has all the protections in place already, that's why it has a --allow-bad-names flag to override if you need (we do not need). |
Not correct, they all seem to be allowing - _ and . except calamares (not tried vanilla)? So they are either using the regexes or implemented their own version of the default check. |
Ok... I will switch the regex |
|
Thank you very much for looking into this! |
Here we are checking for only alphanumeric: https://github.com/PikaOS-Linux/pkg-pika-first-setup/blob/c6b9d3743223bdc0611bdf0c80dc3ea902742cc7/src/first_setup/user_carousel/mod.rs#L232C12-L232C29
This needs to instead use the regexes of NAME_REGEX and SYS_NAME_REGEX to check against as this is what adduser does.
The text was updated successfully, but these errors were encountered: