Project

General

Profile

Feature #1558

Relax Restrictions on Usernames

Added by daniel kho about 8 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
OS/Net (Kernel and Userland)
Target version:
-
Start date:
2011-09-24
Due date:
% Done:

0%

Estimated time:
Difficulty:
Hard
Tags:

Description

Perhaps it's a good idea to allow usernames longer than 8 characters? Also, allow the "dot" character to be inserted as part of a username?
I'm not sure why this restriction in the first place, but I'm guessing it's something to do with database space? With better space management, and with lots of space, I don't see why this should remain as a requirement.

History

#1

Updated by Richard PALO about 8 years ago

For what it is worth, there is finally activity from Oracle for Solaris Express
on the following:

 CR 4109819 Updated, P3 utility/other user names longer than 8 characters needed

daniel kho wrote:

Perhaps it's a good idea to allow usernames longer than 8 characters? Also, allow the "dot" character to be inserted as part of a username?
I'm not sure why this restriction in the first place, but I'm guessing it's something to do with database space? With better space management, and with lots of space, I don't see why this should remain as a requirement.

#2

Updated by Bayard Bell over 7 years ago

  • Category set to OS/Net (Kernel and Userland)
  • Assignee set to OI illumos
  • Priority changed from Normal to Low
  • Difficulty changed from Medium to Hard
  • Tags deleted (needs-triage)

daniel kho wrote:

I'm not sure why this restriction in the first place, but I'm guessing it's something to do with database space? With better space management, and with lots of space, I don't see why this should remain as a requirement.

It's largely a standards compliance issue compounded by questions about the large number of likely touch points when changing such a thing. This would need to be resolved in the illumos-gate upstream. I wouldn't expect this to be done any time soon.

Don't know about character set issues, as those open up a further can on worms.

#3

Updated by Garrett D'Amore over 7 years ago

This goes back to ancient days; specifically /var/adm/utmp has fixed width fields and is limited to just 8 characters wide for login ids. It is possible to create logins with longer names, but utmp utilities (there are many that read this file, and many of them are 3rd party) won't be able to determine logged in state properly if you go past 8 characters.

#4

Updated by Jon Strabala over 7 years ago

1. I imagine the issue involved is much much more than just the issues /var/adm/utmp database and the utmp utilities.

2. I think the POSIX standard says that 8 characters max from (might be outdated): http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html

{_POSIX_LOGIN_NAME_MAX}
      The size of the storage required for a login name, in bytes (including the terminating null).
      Value: 9

{LOGIN_NAME_MAX}
      Maximum length of a login name.
      Minimum Acceptable Value: {_POSIX_LOGIN_NAME_MAX}

Although there appears to be a growing support for LINUX via http://man7.org/linux/man-pages/man3/sysconf.3.html

LOGIN_NAME_MAX - _SC_LOGIN_NAME_MAX
      Maximum length of a login name, including the terminating null byte.
      Must not be less than _POSIX_LOGIN_NAME_MAX (9).

3. Even if things worked like they do on say AIX (not a Solaris or illumos thing), http://www.ccplusplus.com/2011/07/aix-user-administration-mkuser.html - there would still be compiled programs and scripts (perl, sh, bash, php, etc.) that would expect the 8 char limit.

To change the value, simply adjust the v_max_logname parameter (shown as max_logname in 
lsattr) using chdev to the maximum number of characters desired plus one to accommodate
 the terminating character. For example, if you want to have user names that are 128 
characters long, you would adjust the v_max_logname parameter to 129 [AIX only]:

# chdev -l sys0 -a max_logname=129
sys0 changed

4. For operating systems that exceed 8 characters limit, there are typically pretty big growing pains, e.g. numerous bug reports and/or complaints about software not working and bugs that need to be fixed. For example refer to http://lists.busybox.net/pipermail/busybox/2011-July/thread.html#76361

5. Oddly enough "Product Standard: Internationalized System Calls and Libraries Extended V3" at http://www.opengroup.org/csq/view.mhtml?norationale=1&noreferences=1&RID=sun%2FSD1%2F7 , this is Oracle Corporation Conformance Statement, defines the following for Solaris 10 on -desn't seem to be much wiggle room here (FYI even 11 FCS and later - specifies the same portability environment see http://www.opengroup.org/csq/view.mhtml?norationale=1&noreferences=1&RID=sun%2FCX1%2F7):

Macro Name            Meaning                              Minimum               Maximum
LOGIN_NAME_MAX        Maximum length of a login name.      9                     9
#5

Updated by Igor Pashev over 7 years ago

Isn't utmp obsolete (in favor of utmpx)?

# grep -rnHw ut_user /usr/include/utmpx.h 
/usr/include/utmpx.h:56:#define ut_name ut_user
/usr/include/utmpx.h:68:        char    ut_user[32];            /* user login name */
/usr/include/utmpx.h:104:       char    ut_user[32];            /* user login name */
#6

Updated by Richard PALO over 7 years ago

According to utmp.h

/*
 * Note:  The getutent(3c) family of interfaces are obsolete.
 * The getutxent(3c) family provide a superset of this functionality
 * and should be used in place of getutent(3c).
 */
....
/*
 * This data structure describes the utmp *file* contents using
 * fixed-width data types.  It should only be used by the implementation.
 *
 * Applications should use the getutxent(3c) family of routines to interact
 * with this database.
 */

From the getutxent(3c) manpage:

  getutxent()
     The getutxent() function reads in  the  next  entry  from  a
     utmpx  database.  If  the  database  is not already open, it
     opens it. If it reaches the end of the database, it fails.
  ...
  getutmp()
     The getutmp() function copies the information stored in  the
     members  of the utmpx structure to the corresponding members
     of the utmp structure. If the information in any  member  of
     utmpx  does  not  fit  in the corresponding utmp member, the
     data is silently  truncated.  (See  getutent(3C)  for   utmp
     structure)
#7

Updated by Richard PALO over 7 years ago

By the way, on oi_151a2 no utmp just utmpx

$ ls /var/adm
acct        exacct      log         messages.0  messages.2  pool        sm.bin      streams     utmpx
aculog      lastlog     messages    messages.1  messages.3  sa          spellhist   sulog       wtmpx

#8

Updated by Adam Števko over 3 years ago

  • Status changed from New to Resolved

Also available in: Atom PDF