Re: [suse-security] Re: User with dots ? Why not in yast2
* Lars Vaessen
[2002-05-05 16:49 +0200]: First one. Some implementations of chown expect user and group separated by a dot. If your username was "lars.vaessen", how could an admin of such a system chown you a file? It would go to the different user "lars" and the group "vaessen".
That's simply not true. I just chowned bogus.guy /home/bogus.guy/*.x*, as an experiment and it works as expected.
If previous versions of yast didn't mind dots, they are broken.
This is something that needs to be conclusively proven by real world examples of system malfunction arising from this use rather than an aesthetic dislike of the dotted seps. Not to mention that a trivial c program or awk script could probably be used to insulate this problem on systems that do exhibit this behavior. Disclaimer: I don't like using "." seps in legitimate, system usernames, but for mailusers it is something that is sometimes desirable IMO.
* ts
Some implementations of chown expect user and group separated by a dot. If your username was "lars.vaessen", how could an admin of such a system chown you a file? It would go to the different user "lars" and the group "vaessen".
That's simply not true. I just chowned bogus.guy /home/bogus.guy/*.x*, as an experiment and it works as expected.
If you had followed my explanation, you would have come to this:

$ touch somefile; ls -ld $_
-rw-r--r-- 1 root root 0 May 5 21:25 somefile
$ useradd lars
$ groupadd vaessen
$ chown lars.vaessen somefile && ls -ld somefile
-rw-r--r-- 1 lars vaessen 0 May 5 21:25 somefile
$ rm somefile; touch $_; ls -ld $_
-rw-r--r-- 1 root root 0 May 5 21:25 somefile
$ useradd lars.vaessen
$ chown lars.vaessen somefile && ls -ld somefile
-rw-r--r-- 1 lars.vae root 0 May 5 21:26 somefile

As you can see, the behaviour of chown depends on the contents of your /etc/passwd . So it's impossible to predict what would happen by deriving the commandline. And that's why you really do *not* want to use dots in usernames.
If previous versions of yast didn't mind dots, they are broken. This is something that needs to be conclusively proven by real world examples of system malfunction arising from this use rather than an aesthetic dislike of the dotted seps.
as proven above.
I don't like using "." seps in legitimate, system usernames, but for mailusers it is something that is sometimes desirable
man 5 aliases

Regards,
--
Johannes Franken
Professional unix/network development
mailto:jfranken@jfranken.de
http://www.jfranken.de/
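An added example, not part of the original thread or any poster's code: a shell check that lists dotted account names and flags those where a user.group reading also matches an existing user and group, the situation shown in the session above. The function name, the output labels and the sample passwd/group entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Lists account names containing a dot and
# flags those where splitting at a dot yields an existing user and group, i.e.
# where "chown name file" has two valid readings.

# ambiguous_dotted_users PASSWD_FILE GROUP_FILE
#   AMBIGUOUS <name> <user> <group>   a user.group reading also resolves
#   DOTTED <name>                     dotted, no colliding user/group today
ambiguous_dotted_users() {
    awk -F: '
        phase == 1 { if ($1 != "") group[$1] = 1; next }   # group file
        $1 != ""   { user[$1] = 1; names[++n] = $1 }       # passwd file
        END {
            for (i = 1; i <= n; i++) {
                name = names[i]
                if (index(name, ".") == 0) continue
                hit = 0
                # Try every dot as the possible user/group separator.
                for (p = 1; p <= length(name); p++) {
                    if (substr(name, p, 1) != ".") continue
                    u = substr(name, 1, p - 1)
                    g = substr(name, p + 1)
                    if ((u in user) && (g in group)) {
                        print "AMBIGUOUS", name, u, g
                        hit = 1
                    }
                }
                if (!hit) print "DOTTED", name
            }
        }
    ' phase=1 "$2" phase=2 "$1"
}

# Constructed sample data modelled on the names used in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'lars:x:1000:100::/home/lars:/bin/sh' \
        'lars.vaessen:x:1001:100::/home/lars.vaessen:/bin/sh' \
        'bogus.guy:x:1002:100::/home/bogus.guy:/bin/sh' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'users:x:100:' 'vaessen:x:1003:' > "$d/group"
    ambiguous_dotted_users "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo
```

On systems that take accounts from NIS/YP, feed it the output of `getent passwd` and `getent group` saved to files rather than the local /etc files.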
* Johannes Franken wrote on Sun, May 05, 2002 at 22:24 +0200:
* ts
[2002-05-05 22:23 +0200]: $ chown lars.vaessen somefile && ls -ld somefile
I always thought that the delimiter is ":" and "." is a non-standard extension.
$ chown lars.vaessen somefile && ls -ld somefile
-rw-r--r-- 1 lars.vae root 0 May 5 21:26 somefile
What's with: chown lars.vaessen: somefile or :users maybe? But unclean in all cases of course. Risky.
As you can see, the behaviour of chown depends on the contents of your /etc/passwd . So it's impossible to predict what would happen by deriving the commandline. And that's why you really do *not* want to use dots in usernames.
Ohh, yes. If the order of entries changes (should happen in YP configs), the command does different things, bad...
I don't like using "." seps in legitimate, system usernames, but for mailusers it is something that is sometimes desirable
man 5 aliases
Additionally, this has the advantage that the usernames are not known, which makes attacks slightly more difficult.

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
participants (3)
- Johannes Franken
- Steffen Dettmer
- ts