useradd john.doe
leads to an error,
useradd room12-23$
too (a "$" is neaded for samba machine accounts).
I use "useradd" from the shadow packet, written from Julianne Frances
Haugh.
On my SuSE installation, dots and $ are allowed, there runs "useradd"
from the SuSE pwdutils packet, written from Thorsten Kukuk.
Could slackware change the restrictions for usernames?
Viele Gruesse
Helmut
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
It's probably overkill, but take a look at Webmin. It's webbased, and does
alot more than just usernames.
Tim
While this is technically a legal user name Slackware's tools are
protecting the system from possible problems with other software which
my be unable to parse the user name properly.
> useradd room12-23$
>
> too (a "$" is neaded for samba machine accounts).
For this use adduser which is a wrapper script for useradd and it works
on a 12.2 box I have access to. Don't know why useradd won't accept it
directly.
If you really need the user names and the tools won't work and your sure
that the user name is valid you can edit the /etc/passwd and /etc/shadow
files manually to add them in. This is also a better way to work when
dealing with large amounts of users as you can see what is going on
across the whole user database, and you get the benefit of whatever
tools your text editor has for helping you create large numbers of entries.
Du meintest am 02.07.09:
>> useradd john.doe
>>
>> leads to an error,
> While this is technically a legal user name Slackware's tools are
> protecting the system from possible problems with other software
> which my be unable to parse the user name properly.
May be - SuSE and Debian are not so overprotective. And my customers
want the "john.doe" style.
>> useradd room12-23$
>>
>> too (a "$" is neaded for samba machine accounts).
> For this use adduser which is a wrapper script for useradd and it
> works on a 12.2 box I have access to. Don't know why useradd won't
> accept it directly.
May be. "adduser" works interactive - I need a scriptable program.
> If you really need the user names and the tools won't work and your
> sure that the user name is valid you can edit the /etc/passwd and
> /etc/shadow files manually to add them in.
I know. I can write scripts.
But I can exchange the Slackware packet with a converted Debian or SuSE
packet too, or I can hope (not for an eternal time) that Slackware
changes the "useradd" behaviour.
> This is also a better way to work when dealing with large amounts of
> users as you can see what is going on across the whole user database,
> and you get the benefit of whatever tools your text editor has for
> helping you create large numbers of entries.
Why should I re-invent the world or at least "useradd"?
I wrote am 01.07.09:
> useradd john.doe
> leads to an error,
> useradd room12-23$
> too (a "$" is neaded for samba machine accounts).
> I use "useradd" from the shadow packet, written from Julianne Frances
> Haugh.
> On my SuSE installation, dots and $ are allowed, there runs "useradd"
> from the SuSE pwdutils packet, written from Thorsten Kukuk.
I've looked into some sources - "useradd" (and some other programs) use
the routine "is_valid_user_name". You can see it p.e. in "useradd.c".
Where is this routine?
I wrote am 01.07.09:
> Hallo alle miteinander,
> useradd john.doe
> leads to an error,
> useradd room12-23$
> too (a "$" is neaded for samba machine accounts).
> I use "useradd" from the shadow packet, written from Julianne Frances
> Haugh.
> On my SuSE installation, dots and $ are allowed, there runs "useradd"
> from the SuSE pwdutils packet, written from Thorsten Kukuk.
The difference comes from "shadow/libmisc/chkname.c", Slackware uses a
special form from Tomas Kloczko (pld.org.pl).
Maybe the author has vanished.
You _do_ know that this will lead to problems with other programs that
parse the username. The one I'm offhandly thinking about is chown, which
accepts the . as an alternative to : as separator between username and
group:
chown john.doe filename
could try to set the username to "john" and the group to "doe".
This is (nowadays) undocumented behaviour for compatibility with older
scripts that may still use the . as separator.
--
Eef Hartman, Delft University of Technology, dept. SSC/ICT
> Helmut Hullen wrote:
>> Hallo alle miteinander,
>>
>> useradd john.doe
>
> You _do_ know that this will lead to problems with other programs that
> parse the username. The one I'm offhandly thinking about is chown, which
> accepts the . as an alternative to : as separator between username and
> group:
> chown john.doe filename
> could try to set the username to "john" and the group to "doe".
>
> This is (nowadays) undocumented behaviour for compatibility with older
> scripts that may still use the . as separator.
Is there a problem with using underscore instead of dot?
"User_Name" rather than "User.Name"
Or even that old standard, the significant upper-case "UserName" ?
John_Doe - JohnDoe - John.Doe
Only one of these will tend to be a spring trap for certain process.
Maybe if you slap your users and shout at them until they stop expecting
the world of *NIX to emulate a Widnos infestation? ;)
--
*===( http://www.400monkeys.com/God/
*===( http://principiadiscordia.com/
*===( http://www.slackware.com/
Du meintest am 02.07.09:
>> useradd john.doe
> You _do_ know that this will lead to problems with other programs
> that parse the username. The one I'm offhandly thinking about is
> chown, which accepts the . as an alternative to : as separator
> between username and group:
> chown john.doe filename
Yes - I know ...
But more and more school servers allow this kind of username, and my
colleagues ask me "why not with your school server, too?".
It's windows like - I know. But "keep the customer satisfied".
Du meintest am 02.07.09:
> Is there a problem with using underscore instead of dot?
> "User_Name" rather than "User.Name"
Yes - my "customers" know LANs where they have to use a dot as
separator.
> Or even that old standard, the significant upper-case "UserName" ?
> John_Doe - JohnDoe - John.Doe
That may lead to other problems - old fashioned TTY style.
If the first letter is a capital then the login routine assumes (may
assume) that the teletype is set to UPPER letters and translates all
letters to "lower".
> Only one of these will tend to be a spring trap for certain process.
> Maybe if you slap your users and shout at them until they stop
> expecting the world of *NIX to emulate a Widnos infestation? ;)
My users say "your competitors allow a dot as separator".
Du meintest am 02.07.09:
>>> useradd john.doe
> Is there a problem with using underscore instead of dot?
> "User_Name" rather than "User.Name"
Yes.
I'm maintaining a schoolserver (http://arktur.de).
Some competitors allow "john.doe", and my colleagues ask me "why not
your server, too?"
I'm working on a school for postgraduate professional education, many
"pupils" (20 to 50 years old) have accounts on their company's LAN, most
of them like "john...@company.invalid".
They too ask "why not on this system"?
SuSE allows the dots, Debian allows the dots.
I've looked into the sources; most times it's the packet "shadow", and
therein the script "libmisc/chkname.c".
Authors:
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 2000, Marek Michalkiewicz
* Copyright (c) 2001 - 2005, Tomasz Kloczko
* Copyright (c) 2005 - 2008, Nicolas Francois
(from the Ubuntu script, shadow-4.1.4.1).
Slackware uses 4.0.3, with chkname.c from 2002 (Tomasz Kloczko).
The major differences:
shadow-4.0.3 (Slackware, 2002)
* User/group names must match [a-z_][a-z0-9_-]*
shadow-4.1.4.1 (Ubuntu, 2009)
* User/group names must match [a-z_][a-z0-9_-]*[$]
pwdutils-3.2.2 (SuSE, 2008)
class = getlogindefs_str ("CHARACTER_CLASS",
"[A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\\?");
------------------------
I don't like Capitals at the first place ...
Maybe some competitors use something like PAM and/or LDAP for allowing
dots in the login name too.
Officially usernames are case-INsensitive, but should be entered in all
lower-case (or all upper-case). Probably capitalized names will work in
xdm/kdm/gdm, but a starting capital certainly will NOT work in a getty
(text console), it will expect an all caps name and CONVERT it to all
lower-case before looking it up in the password file.
> I'm working on a school for postgraduate professional education, many
> "pupils" (20 to 50 years old) have accounts on their company's LAN,
> most of them like "john...@company.invalid".
If what they want is firstname.lastname for their email addresses,
you can have that without requiring dots in the username on the system.
See your mail software's virtusertable for that.
--
----------------------------------------------------------------------
Sylvain Robitaille s...@encs.concordia.ca
Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
----------------------------------------------------------------------
Du meintest am 02.07.09:
>> I'm working on a school for postgraduate professional education,
>> many "pupils" (20 to 50 years old) have accounts on their company's
>> LAN, most of them like "john...@company.invalid".
> If what they want is firstname.lastname for their email addresses,
> you can have that without requiring dots in the username on the
> system. See your mail software's virtusertable for that.
And then they ask "it works with e-mail, why doesn't it work with samba
- or apache - or xyz". I don't like working with several different names
on one machine. And I can't explain my users why slackware refuses dots
in the login name, but SuSE (and some other distributions) allows them.
And LDAP is no alternative. Nor is PAM an alternative.
Who maintains the slackware shadow package? Looks a bit orphaned.
>
> I'm maintaining a schoolserver (http://arktur.de).
>
> Some competitors allow "john.doe", and my colleagues ask me "why not
> your server, too?"
Simple, only allow dot, tab, and backspace as valid characters in your
usernames...
Du meintest am 02.07.09:
>> Some competitors allow "john.doe", and my colleagues ask me "why not
>> your server, too?"
> Simple, only allow dot, tab, and backspace as valid characters in
> your usernames...
"can I use the mouse?"
[...]
>> Is there a problem with using underscore instead of dot?
>
>> "User_Name" rather than "User.Name"
>
> Yes.
>
> I'm maintaining a schoolserver (http://arktur.de).
>
> Some competitors allow "john.doe", and my colleagues ask me "why not
> your server, too?"
Ask them if they'd like virus vunerability adding along with that
"function", and a few of the other nasties that come with borked systems
that allow things that are not wise nor productive.
If you want security, you need to accept that some things will need a
tiny bit of compromise at the user end of things. "Best Working Practice"
includes the end user not behaving like a MucDollups customer after all
is said and done.
"/My/ computer lets me access my bank details without a firewall!"
Yeah, and every other script kiddie. Just how much is that "convenience"
worth?
Maybe a short list of what goes with what?
"You want this? Fine! You'll get that with it though. Still want it?"
Like I said before, try beating them with a stick. It can't hurt. >:)
> Mike Jones wrote:
>> Or even that old standard, the significant upper-case "UserName" ?
>>
>> John_Doe - JohnDoe - John.Doe
>
> Officially usernames are case-INsensitive, but should be entered in all
> lower-case (or all upper-case). Probably capitalized names will work in
> xdm/kdm/gdm, but a starting capital certainly will NOT work in a getty
> (text console), it will expect an all caps name and CONVERT it to all
> lower-case before looking it up in the password file.
No other option then. Beat the end users with a stick. >:)
> Hallo, Peter,
>
> Du meintest am 02.07.09:
>
>>> Some competitors allow "john.doe", and my colleagues ask me "why not
>>> your server, too?"
>
>> Simple, only allow dot, tab, and backspace as valid characters in your
>> usernames...
>
> "can I use the mouse?"
yes, you may, and be absolutely straight and sturdy about the
idea that they'd have to chose between having a mouse and a
ote about their username.
And do not forget the iea, it'll serve fairly soon, just...
wheen they'd think they can click their way through mail
by visiting gloogel by their first-finger thrashing their
nerves into überclickennen web-pages to post the Usenet and the
"podded" lost-boys about why they had to think again about what
they would like to try and decied to have an idea about
WTF is that *lol* usenet you mentioned when you replied
to their interesting question about tup-possing, and
BTW didn't like you to call them names in a personal message!
and if you dunstup gotta bail you outta that nice mailing list, ah!
and that'll be the day to use again the simple idea that they
could keep the mouse if they really did that much desperately need
something to talk with, but no thanks, the nazbaz and the compeez
were not for their specific category of high concentration skills.
educate your users or you'll end up in a skid row like a
helpdesk, tier 1 or tier 3 you'll still be leveled down by the
size your users were made off, so...
educate them or prepare to meet thy doom.
Any interactive program that reads its input from stdin is scriptable.
regards Henrik
--
The address in the header is only to prevent spam. My real address is:
hc3(at)poolhem.se Examples of addresses which go to spammers:
root@localhost postmaster@localhost
> to their interesting question about tup-possing, and
> BTW didn't like you to call them names in a personal message!
> and if you dunstup gotta bail you outta that nice mailing list, ah!
Anyone else find that in Outlook at Outlook Express it is difficult, despite
best efforts _NOT_ to top-post?
Pete
Du meintest am 03.07.09:
>> to their interesting question about tup-possing, and
>> BTW didn't like you to call them names in a personal message!
>> and if you dunstup gotta bail you outta that nice mailing list, ah!
> Anyone else find that in Outlook at Outlook Express it is difficult,
> despite best efforts _NOT_ to top-post?
That's another problem. That's a behaviour each user can change by it's
own.
Dotted or undotted usernames are defined by the BOFH.
Du meintest am 02.07.09:
>> I'm maintaining a schoolserver (http://arktur.de).
>>
>> Some competitors allow "john.doe", and my colleagues ask me "why not
>> your server, too?"
> Ask them if they'd like virus vunerability adding along with that
> "function", and a few of the other nasties that come with borked
> systems that allow things that are not wise nor productive.
Then they show "john...@siemens.de", "jim....@volkswagen.de" etc - all
vulnerable?
The dot in the username imports no vulnerability. It only forces the
administrators to watch commands like "chown user:group".
Novell/SuSE allows dotted usernames, some other distributions (esp.
their "shadow" packets) allow dotted usernames: vulnerable?
Du meintest am 02.07.09:
>>>> Some competitors allow "john.doe", and my colleagues ask me "why
>>>> not your server, too?"
[...]
> educate your users or you'll end up in a skid row like a
> helpdesk,
I have about 2 years to "educate" adult users. They have worked in other
organizations (and have used dotted usernames), and when they leave our
school they work again in those organizations. I'm not Sysiphos.
The period used to be prohibited in "logins", yes you are right it was
changed SEVERAL years ago to allow the period, however, if you are
providing services for email for an educational institution like I,
virtual user situation would be far easier and therefor you can use dots
regardless :)
Perhaps Robby or Eric can ensure Slackware 13 includes a modern login
package?
--
Res
-Beware of programmers who carry screwdrivers
Du meintest am 03.07.09:
> The period used to be prohibited in "logins", yes you are right it
> was changed SEVERAL years ago to allow the period, however, if you
> are providing services for email for an educational institution like
> I, virtual user situation would be far easier and therefor you can
> use dots regardless :)
> Perhaps Robby or Eric can ensure Slackware 13 includes a modern login
> package?
They would please not only me ...
I maintain a white spread school server (at least in Germany, Austria
and Switzerland white spread), I prefer slackware as base system. But I
don't like to explain all my colleagues why the competitors allow dotted
usernames and "my" server doesn't.
I could use the "pwdutils" packet from Novell/SuSE, but I don't like
this way.
> Hallo, Mike,
>
> Du meintest am 02.07.09:
>
>>> I'm maintaining a schoolserver (http://arktur.de).
>>>
>>> Some competitors allow "john.doe", and my colleagues ask me "why not
>>> your server, too?"
>
>
>> Ask them if they'd like virus vunerability adding along with that
>> "function", and a few of the other nasties that come with borked
>> systems that allow things that are not wise nor productive.
>
> Then they show "john...@siemens.de", "jim....@volkswagen.de" etc - all
> vulnerable?
>
> The dot in the username imports no vulnerability. It only forces the
> administrators to watch commands like "chown user:group".
>
> Novell/SuSE allows dotted usernames, some other distributions (esp.
> their "shadow" packets) allow dotted usernames: vulnerable?
>
I was refering to those systems that trade security for extra end-user
function. A userbase can get used to such "luxuries" and may need re-
educating at some point.
Look up BOFH for more hints and tips in this arena. >:)
>
> It's windows like - I know. But "keep the customer satisfied".
>
> Viele Gruesse
> Helmut
That is the most important if we ever are going to beat the Windos world..
If you find a solution I would be happy to. When having many people with
the same first name and they don't like putting the first and last name
together a point between is a good solution.
Like svensvendsen compared to sven.svendsen the later is to prefer.
I have used a underscore earlier but of some reason most people have a
difficult time to find it.
Let's hope there is an easy solution.
//Micke
You CAN always do it the Slackware way: get a newer version of the
shadow utils and compile it yourself, optionally using Pat's build
scripts. Then you're not dependant on someone else.
As far as I see in the "current" change log, no updates TO the shadow
package are planned _at the moment_. And as it is a "release candidate"
I won't expect any major updates will be done before the 13.0 release
anymore:
> Wed Jul 1 16:04:35 CDT 2009
> Hi folks -- the TODO isn't entirely empty here, but it's pretty much
> down to minor nits, and so we're going to call this release candidate
> #1 and (mostly) freeze further updates unless they happen to fix
> problems.
(from slackware-current's ChangeLog.txt)
Du meintest am 03.07.09:
>>> Perhaps Robby or Eric can ensure Slackware 13 includes a modern
>>> login package?
>> They would please not only me ...
> You CAN always do it the Slackware way: get a newer version of the
> shadow utils and compile it yourself, optionally using Pat's build
> scripts. Then you're not dependant on someone else.
I know. But I have enough work with the schoolserver itself. I use
Slackware as base distribution, because I'm not interested in something
like "my quite special LFS", I trust (in this sector, too) to other
people.
I'm not interested in living like Robinson Crusoe and reinventing the
whole world. I prefer burden-sharing.
Just another example: I can milk cows, I can saddle horses, I can
butcher hens and ducks. But I prefer buying milk and meat in the next
store. There's more quality.
> Helmut Hullen wrote:
>> Hallo, Res,
>>
>> Du meintest am 03.07.09:
>>
>>> The period used to be prohibited in "logins", yes you are right it
>>> was changed SEVERAL years ago to allow the period, however, if you
>>> are providing services for email for an educational institution like
>>> I, virtual user situation would be far easier and therefor you can
>>> use dots regardless :)
>>
>>> Perhaps Robby or Eric can ensure Slackware 13 includes a modern login
>>> package?
>>
>>
>> They would please not only me ...
>
> You CAN always do it the Slackware way: get a newer version of the
> shadow utils and compile it yourself, optionally using Pat's build
> scripts. Then you're not dependant on someone else.
Heck, for that matter, the OP can just use vipw(8) and vigr(8) to hand-edit
the /etc/password, /etc/group and /etc/shadow files to add (or change) the
username to his liking. The caveat is that some linux utilities will have a
hard time with any usernames that deviate from the unix standard for names
(as enforced by adduser).
In SAMBA, the OP can use the "username map" option in the smb.conf file to
map Windows Usernames to linux usernames, and avoid fiddling with the
password and shadow files.
In Apache, the OP can use <Directory> directives to map the home directories
for unusual usernames to linux usernamed web directories.
In Sendmail, the OP can use the /etc/mail/virtusertable and /etc/aliases to
map "unusual" email addresses to linux usernames
In other words, all the OP wants to do, he can do in Slackware, at the
expense of a bit of sysadmin convenience.
--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
http://pitcher.digitalfreehold.ca/ | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------
Du meintest am 03.07.09:
>>>> Perhaps Robby or Eric can ensure Slackware 13 includes a modern
>>>> login package?
>>> They would please not only me ...
[...]
> Heck, for that matter, the OP can just use vipw(8) and vigr(8) to
> hand-edit the /etc/password, /etc/group and /etc/shadow files to add
> (or change) the username to his liking. The caveat is that some linux
> utilities will have a hard time with any usernames that deviate from
> the unix standard for names (as enforced by adduser).
> In SAMBA, the OP can use the "username map" option in the smb.conf
> file to map Windows Usernames to linux usernames, and avoid fiddling
> with the password and shadow files.
> In Apache, the OP can use <Directory> directives to map the home
> directories for unusual usernames to linux usernamed web directories.
> In Sendmail, the OP can use the /etc/mail/virtusertable and
> /etc/aliases to map "unusual" email addresses to linux usernames
> In other words, all the OP wants to do, he can do in Slackware, at
> the expense of a bit of sysadmin convenience.
Just repeating:
It's not for my private system at home. It's for a widespread school
server. Your way is inconvenient for more than thousand colleagues -
their major job is teaching. Not manipulating many files.
I try to deliver a server which makes nearly no stress for the
colleagues. No playing ground for linux experts. And that concept is
successfull.
> Hallo, Lew,
>
> Du meintest am 03.07.09:
>
>>>>> Perhaps Robby or Eric can ensure Slackware 13 includes a modern
>>>>> login package?
>
>>>> They would please not only me ...
>
> [...]
>
>> Heck, for that matter, the OP can just use vipw(8) and vigr(8) to
>> hand-edit the /etc/password, /etc/group and /etc/shadow files to add
>> (or change) the username to his liking. The caveat is that some linux
>> utilities will have a hard time with any usernames that deviate from
>> the unix standard for names (as enforced by adduser).
>
>> In SAMBA, the OP can use the "username map" option in the smb.conf
>> file to map Windows Usernames to linux usernames, and avoid fiddling
>> with the password and shadow files.
>
>> In Apache, the OP can use <Directory> directives to map the home
>> directories for unusual usernames to linux usernamed web directories.
>
>> In Sendmail, the OP can use the /etc/mail/virtusertable and
>> /etc/aliases to map "unusual" email addresses to linux usernames
>
>> In other words, all the OP wants to do, he can do in Slackware, at
>> the expense of a bit of sysadmin convenience.
>
> Just repeating:
> It's not for my private system at home. It's for a widespread school
> server.
This I already knew.
> Your way is inconvenient for more than thousand colleagues -
> their major job is teaching. Not manipulating many files.
>
> I try to deliver a server which makes nearly no stress for the
> colleagues. No playing ground for linux experts. And that concept is
> successfull.
Please understand that "my way" is the normal life of a Unix system
administrator. It is /not/ a personal way to fudge things, but what
sysadmins do as part of their job.
I'm glad that you try to deliver a stress-free environment for your users.
Perhaps a more "end user friendly" Linux distribution would suit your users
better, trading the tasks that a sysadmin performs for ones that your end
users can perform.
Just my 2 cents worth
Robby nor Eric have anything innfluential to say about the core of
Slackware. Pat has the final word.
Nevertheless, a Slackware system will happily work with usernames that
contain dots. It's just the "adduser/useradd" which does not accept
the dot. Create the user without the dot if you wish, then rename that
account in the passwd/shadow files and all is well.
Just to be very clear: there is nothing wrong with dotted usernames.
Eric
Du meintest am 03.07.09:
>>> Perhaps Robby or Eric can ensure Slackware 13 includes a modern
>>> login package?
> Robby nor Eric have anything influential to say about the core of
> Slackware. Pat has the final word.
He should at least change from shadow 4.0.3 (5. Jan. 2002) to 4.1.4.1
(22. Mai 2009, ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow) ...
the newer versions allows a trailing "$".
And the patch "506_relaxed_usernames" allows dots and UPPER letters.
> Nevertheless, a Slackware system will happily work with usernames
> that contain dots. It's just the "adduser/useradd" which does not
> accept the dot.
And pwck, and usermod (they use the routine "check_user_name" from
libmisc/chkname.c).
And "check_user_name" uses the same limits as "check_group_name"; is
there any good reason for dotted group names?
> Create the user without the dot if you wish, then
> rename that account in the passwd/shadow files and all is well.
I'm just looking for "pwdutils" from Novell/SuSE, either instead of
"shadow" or overwriting the "shadow" binaries. Then I have again a
packet which is widespread and which some other guy maintains.
But I hope that Pat updates the "shadow" packet soon ...
(yes - I can build such a packet too. But then I must maintain it).
> Just to be very clear: there is nothing wrong with dotted usernames.
Thank you!
Perhaps you should tell someone who is responsible for these things,
instead of complaining here. Pat's contact info is on slackware.com.
--keith
--
kkeller...@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
There's no magic setting, its just it does not work naturally, as if its
been designed for top posting.
Du meintest am 03.07.09:
>>> Robby nor Eric have anything influential to say about the core of
>>> Slackware. Pat has the final word.
>> He should at least change from shadow 4.0.3 (5. Jan. 2002) to
>> 4.1.4.1 (22. Mai 2009, ftp://pkg-shadow.alioth.debian.org/pub/pkg-sh
>> adow) ...
> Perhaps you should tell someone who is responsible for these things,
> instead of complaining here. Pat's contact info is on slackware.com.
I always hope that not only irresponsibles read this newsgroup ...
And I won't disturb Pat with perhaps simple problems.
By the way: my first try to build my own "shadow-4.1.4.1" (with the
actual 4.1.4.1.tar.bz2 and the adjusted shadow.SlackBuild from 4.0.3)
produced a fine looking packet, but
useradd john.doe
only produced a lot of error messages.
Both are way too much typing for a username....
- Kurt
Du meintest am 04.07.09:
>> Like svensvendsen compared to sven.svendsen the later is to prefer.
> Both are way too much typing for a username....
You'r right: 2 letters are enough for 600 users, 3 letters are enough
for 17000 users!
> Hallo, ~kurt,
>
> Du meintest am 04.07.09:
>
>>> Like svensvendsen compared to sven.svendsen the later is to prefer.
>
>> Both are way too much typing for a username....
>
> You'r right: 2 letters are enough for 600 users, 3 letters are enough
> for 17000 users!
even more than your roughly rounded counts and you only
counted down on the 26 a-z set ;-)
anyway that'll even be much better when thy'll get used to their
new name scheme, b0f hw9, etc. as it's cruelly apparent that
their previous habits bore way too much entropy:D)
echo "svensvendsen" | sed -n '/\(sven\)\1dsen/p'
echo "svensvendsen" | sed -n '/\(sv\)\(en\)\1\2ds\2/p'
> "Ubuntu" - an African word, meaning "Slackware is too hard for me".
do you really insist about that idea of you that a username MUST
have a dot and a .sig MUSTNOT have a '-- ' prefix line?-)
--
some folks, they have the strangest ideas...
:-D
Well try to learn Windos people that it's more than enough they are
called a1 or zw. They would cry blood.
It would be the best of wrolds if we didn't have to deal with that kind
of problems. But it isn't the best of worlds. We live in a world that MS
have been ruling for way to long.
//Micke
> If you find a solution I would be happy to.
Given Your name I guess that both Xorg and KDE is installed and then it
can be done from 'kuser'.
--
Thomas O.
This area is designed to become quite warm during normal operation.
It depends on what you mean by ''irresponsible''. :)
Seriously--Pat is The Decider for what's included in the official
Slackware distribution. Last I knew he does not read this newsgroup.
You might encourage someone else to build their own working shadow
package that supports dots, but that would not be included in Slackware.
> And I won't disturb Pat with perhaps simple problems.
Well, regardless of whether it's a good idea or not, that's the way
he's chosen to handle things. But you're right in that you shouldn't
bother Pat needlessly. So, what I would suggest is to very precisely
report exactly what the problem is (e.g., adduser et al won't take
usernames with dots), what you think it would take to fix it (e.g.,
update the shadow package), and anything else you may have tried. Be
concise yet complete (which is not easy), so that he has the information
he needs to proceed on his own without needing to come back to you.
(In short, produce a good quality bug report; bad bug reports are almost
as useless as no bug report.)
> By the way: my first try to build my own "shadow-4.1.4.1" (with the
> actual 4.1.4.1.tar.bz2 and the adjusted shadow.SlackBuild from 4.0.3)
> produced a fine looking packet, but
>
> useradd john.doe
>
> only produced a lot of error messages.
That's unfortunate, as it'd be helpful to send to Pat that you know it
works. But you might simply include this information ("I tried but
failed to produce a working shadow package") and see what he does with
it.
A naming convention is just a naming convention. You don't change naming
convention just because other people tell you that other networks have
different naming conventions do you?
Adding a 'dot' in an username doesn't give you more room for more 'John
Does' on a given network. It just leads to either a migration from old
naming convention to new naming convention. Or two naming conventions
both at the same time at the same network. Both are undesirable
situations.
> It's windows like - I know. But "keep the customer satisfied".
Allow me to correct you, with all due respect. I've worked for years on a
Windows network, and we did not have dots in usernames. Neither did we
give in to requests like that. We had dots in email addresses though,
because security wise it's not a bad idea to keep user name and email
address different.
Dots in user names is trivial at best. And although, as you said, it's
technically possible by either manual manipulation of files or by
upgrading certain programs, it is not worth the hassle IMHO and it may
break things. If that doesn't convince them, add mixed jargon to confuse
them:
"Introducing non-alphanumerical characters to our well-established naming
convention may have both anticipated and unforeseen consequenses in the
areas of user management, networking and backward compatibility and may
also limit options in future cross platform solutions and thus hamper the
upgradability of the overall system."
As you said, with a little tweaking it is technically possible, but in my
eyes it gives no additional benefit. $0.02
Du meintest am 05.07.09:
> Adding a 'dot' in an username doesn't give you more room for more
> 'John Does' on a given network. It just leads to either a migration
> from old naming convention to new naming convention.
No. If the system allows dots nobody must changes his undotted username.
And the shadow source allows dots since 2003. But the slackware binary
uses source code from 2002.
Viele Gruesse
Helmut
:-D Nope to KDE. Yes to Xorg.
Gnome at the moment and dotted names can be done on the local computer
easily, but more difficult on a server without Xorg running. But that is
not a problem either since my server are for my private use and my login
name are very short.
Worse on those servers running as OP have. Students or teachers no
matter their age have become to use to their MS computers at home to
change. So it is in my oppinion better to teach the opsys to accept
their way, than to try to teach a lot of people a new way.
Just my little thought though.
/Micke
Well done! :)
--
Theodore (Ted) Heise <th...@heise.nu> Bloomington, IN, USA
Du meintest am 06.07.09:
>> educate your users or you'll end up in a skid row like a
>> helpdesk, tier 1 or tier 3 you'll still be leveled down by the
>> size your users were made off, so... educate them or prepare to
>> meet thy doom.
> Well done! :)
"We don't need no education!" - the users are no prisoners or slaves.
> Hallo, Theodore,
>
> Du meintest am 06.07.09:
>
>>> educate your users or you'll end up in a skid row like a helpdesk,
>>> tier 1 or tier 3 you'll still be leveled down by the size your users
>>> were made off, so... educate them or prepare to meet thy doom.
>
>> Well done! :)
>
> "We don't need no education!" - the users are no prisoners or slaves.
we don't (mostly desperately I confess) try and educate the users to be
slaves or prisoners but to liber us from ignorance and free them from their
recurrent humiliation to have to post or ask their neighbour how the hell
did that stupid system fokkt their precious data again though they did
strictly, properly, just exactly what they've done the last time
(and were sorry too) I don't steal marbles from kids and I don't
forbid them to go to school with a torned-out bag, I just try and
inform them about probabilities some stuff would drop, especially
while running in the streets trying to do what regular kids do
(jump under a bus trying to get on time at school, cross the
fairway trying and avoid a psideltaphilambda, etc.)
> Helmut
>
> "Ubuntu" - an African word, meaning "Slackware is too hard for me".
--
talking about educating users, do you know that one about
that guy who bought a keyboard missing dash and space keys?
Helmut-head has already (many times) shown that he does not understand
what a "sig delimiter" is, even when using a blatantly stolen signature
line. He's either too stupid to understand, or doesn't care.
--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
The Usenet Improvement Project: http://improve-usenet.org
Ahhhhhhhh!: http://brandybuck.site40.net/pics/relieve.jpg
> Then they show "john...@siemens.de", "jim....@volkswagen.de" etc ...
Those are email addresses, not usernames. There is no indication that
these email addresses directly map to usernames that contain dots.
You can quite easily give your users email addresses of the form
firstname.lastname@domain without requiring that you have usernames with
dots in them.
If people want firstname.lastname@domain for their email addresses, you
should be looking at virtusertable. Any objections to that amount to
the user complaining that there isn't enough to type when they configure
client software to access the POP/IMAP server, the CIFS server, website,
etc.
I think Mike Jones' solution is so far the best of the proposed bunch ...
--
----------------------------------------------------------------------
Sylvain Robitaille s...@encs.concordia.ca
Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
----------------------------------------------------------------------
>> "Ubuntu" - an African word, meaning "Slackware is too hard for me".
>
> do you really insist about that idea of you that a username MUST
> have a dot and a .sig MUSTNOT have a '-- ' prefix line?-)
Helmut, your "competitors" use a proper signature delimiter in their
messages, and your colleagues keep asking "why not your messages, too"?
> And the shadow source allows dots since 2003. But the slackware binary
> uses source code from 2002.
Nobody reported this as a "problem" before last week. One of the benefits
of Slackware is that it doesn't "fix" things that aren't broken.
If new versions of packages in use don't offer any new features of value
(or fixes that matter), why bother "upgrading". If your preference
is for a Linux distribution that always keeps the latest versions of
all packages it ships with, regardless of stability, new bugs, etc.,
Slackware may not be the distribution for you.
> He should at least change from shadow 4.0.3 (5. Jan. 2002) to 4.1.4.1
> (22. Mai 2009, ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow) ...
> the newer versions allows a trailing "$".
Allowing shell-metacharacters in usernames would be a bug, not a feature
...
> And the patch "506_relaxed_usernames" allows dots and UPPER letters.
I think it may be worth pointing out the pedigree of Slackware versus
the pedigree of (most?) other Linux distributions. Slackware isn't
intended to resemble, replace, or compete with Windows or similar
"end-user" based operating systems, the way that (most?) other Linux
distributions are. Slackware's target appears to be more the Unix crowd
(as in "Unix" from the days before "Linux" was believed to *be* "Unix").
It wouldn't have occured to me (at least) to ever put a '$' at the end
of a username (seems like a VMS thing to me ...), let alone that not
being able to have a '.' in a username might be a problem ...
> It wouldn't have occured to me (at least) to ever put a '$' at the end
> of a username (seems like a VMS thing to me ...), let alone that not
> being able to have a '.' in a username might be a problem ...
Yep, and if the OP wants, for whatever reason, to have '$' at the end
(samba machine accounts maybe) it can be done already with the current
tools:
root:~$ useradd -d /home/test\$ -s /bin/bash -m test\$
...and so on.
--
Sami
Du meintest am 05.07.09:
> you might want to replace the original slackware bin with the applet
> from busybox in the slackware shell script /usr/sbin/adduser
Hmmm - nice way.
But I took the necessary newer programs from debian - works. Without
problems.
http://arktur.shuttle.de/CD/5.0/slack/ods1/odsshadow.tgz
By the way: that's the major reason I use slackware as base: it's quite
simple to use packets from elsewhere if I don't find a fitting packet at
slackware.com (down or alive) or slackfind.net. No package manager tells
me "that's forbidden!".
Du meintest am 07.07.09:
>> He should at least change from shadow 4.0.3 (5. Jan. 2002) to
>> 4.1.4.1 (22. Mai 2009, ftp://pkg-shadow.alioth.debian.org/pub/pkg-sh
>> adow) ... the newer versions allows a trailing "$".
> Allowing shell-metacharacters in usernames would be a bug, not a
> feature ...
Samba machine accounts need a trailing "$".
Du meintest am 07.07.09:
>> Then they show "john...@siemens.de", "jim....@volkswagen.de" etc
>> ...
> Those are email addresses, not usernames. There is no indication
> that these email addresses directly map to usernames that contain
> dots.
On some Linux systems (I don't what what the above companies use) that's
also the linux user account. It works - I have such account on some
systems.
> If people want firstname.lastname@domain for their email addresses,
> you should be looking at virtusertable.
And similar for Windows clients, etc. - that's ugly. I had to manage
several lookup tables just because slackware still uses a shadow packet
which rejects dotted usernames.
No - sorry.
I put the relevant programs from the debian shadow packet into my
special distribution (they are only some months younger than the
slackware programs), and all works fine. When slackware renews its
shadow packet this special debian import is obsolet.
Du meintest am 07.07.09:
> If new versions of packages in use don't offer any new features of
> value (or fixes that matter), why bother "upgrading". If your
> preference is for a Linux distribution that always keeps the latest
> versions of all packages it ships with, regardless of stability, new
> bugs, etc., Slackware may not be the distribution for you.
Most times slackware keeps newer versions than the competitors. And no
stoneaged backports, p.e. That's another reason I like slackware.
Du meintest am 07.07.09:
>>> "Ubuntu" - an African word, meaning "Slackware is too hard for me".
>> do you really insist about that idea of you that a username MUST
>> have a dot and a .sig MUSTNOT have a '-- ' prefix line?-)
> Helmut, your "competitors" use a proper signature delimiter in their
> messages, and your colleagues keep asking "why not your messages,
> too"?
Nobody has to follow my way.
Viele Gruesse
Helmut
Du meintest am 08.07.09:
>> It wouldn't have occured to me (at least) to ever put a '$' at the
>> end of a username (seems like a VMS thing to me ...), let alone that
>> not being able to have a '.' in a username might be a problem ...
> Yep, and if the OP wants, for whatever reason, to have '$' at the end
> (samba machine accounts maybe) it can be done already with the
> current tools:
> root:~$ useradd -d /home/test\$ -s /bin/bash -m test\$
And then pwck from the slackware shadow packet mourns - no good way.
Sorry.
The better way is taking the actual "shadow" sources (or at least
sources not older than from 2003) and recompile the packet.
Maybe at your installation, but here at the university all accounts,
Windows, Linux and/or Mac, including samba etc, consist of a single word
(lower case letters, optional digits but NOT as the first character, no
other chars allowed (and they're issued centrally, the user cannot
choose them.
E.g. mine is "ehartman" as I happened to be the first hartman with a E
as first initial, but my co-worker has got "erikdevries" as his, as
there already was another "edevries" around.
OK, we've got over 10 000 user names around, with all the staff members,
students and guests, so you need a rigoreus scheme to avoid name clashes.
My remote "shares" are mounted with the same username as I use to login,
all usernames are validated by a central Active Directory Services
server, how much more Windows can you get!
I must admin the more powerfull "support" accounts do have a - in them,
as they're always start with "sup-" (and the rest mostly is your normal
username or something close to it).
--
Eef Hartman, Delft University of Technology, dept. SSC/ICT
> Helmut Hullen wrote:
>> Samba machine accounts need a trailing "$".
>
> Maybe at your installation, but here at the university all accounts,
> Windows, Linux and/or Mac, including samba etc, consist of a single word
> (lower case letters, optional digits but NOT as the first character, no
> other chars allowed (and they're issued centrally, the user cannot
> choose them.
That is OK, as long as you do not have to support Windows "domains". A
Windows machine applying for domain membership must have a machine name
ending in $. If it can be done otherwise I would be happy to get informed,
because it definitely _is_ a PITA.
Du meintest am 08.07.09:
>> Samba machine accounts need a trailing "$".
> Maybe at your installation, but here at the university all accounts,
> Windows, Linux and/or Mac, including samba etc, consist of a single
> word (lower case letters, optional digits but NOT as the first
> character, no other chars allowed (and they're issued centrally, the
> user cannot choose them.
Please don't mix what's possible with what's usual in your system.
POSIX allows dots.
> E.g. mine is "ehartman" as I happened to be the first hartman with a
> E as first initial, but my co-worker has got "erikdevries" as his, as
> there already was another "edevries" around.
That's another problem, and it's not related with dotted usernames.
(By the way: greetings from Friesland (with the capital Jever) to
Westfriesland)
Where's the big problem to recompile a 7 year old packet? Many
competitors have yet tried this adventure. Without severe damages.
And nobody is obliged to change his oder her local rules how to build a
username.
Du meintest am 08.07.09:
>>> Samba machine accounts need a trailing "$".
[...]
> That is OK, as long as you do not have to support Windows "domains".
> A Windows machine applying for domain membership must have a machine
> name ending in $. If it can be done otherwise I would be happy to get
> informed, because it definitely _is_ a PITA.
Just a workaround:
http://arktur.shuttle.de/CD/5.0/slack/ods1/odsshadow.tgz
It overwrites only that binaries from the original slackware shadow
packet which don't allow dots and a trailing "$".
I'm not a Windows admin, but we do support domains, like the "dastud"
one I need in the Altiris (yes, yuck, a Windows program!) remote
deployment program.
My remote desktop is started with options
-u sup-ehartman -d dastud
to the rdesktop program (so "username" is "sup-ehartman" and "domain" is
"dastud". And that opens a remote desktop window TO a Windows 2003
server (which can run the above mentioned Altiris program as well as
several other "central management" applications, like the Active
Directory registration program).
HOW that actually works you'll have to ask our BackOffice, I'm just
using it.
> Hallo, Sylvain,
>
> Du meintest am 07.07.09:
>
>>>> "Ubuntu" - an African word, meaning "Slackware is too hard for me".
>
>>> do you really insist about that idea of you that a username MUST have
>>> a dot and a .sig MUSTNOT have a '-- ' prefix line?-)
>
>> Helmut, your "competitors" use a proper signature delimiter in their
>> messages, and your colleagues keep asking "why not your messages, too"?
>
> Nobody has to follow my way.
Nobody would *want* to follow "your way". It's the *wrong* way.