CentOS 6 和 RHEL 6 上 linux 用户名的真正规则是什么? [英] What are the real rules for linux usernames on CentOS 6 and RHEL 6?

问题描述

我正在编写一些可用于创建 Linux 用户帐户的 Web UI 页面.此 Web UI 将用于 CentOS 6(衍生自 RHEL 6).我发现关于什么是有效 Linux 用户名的信息不一致且不完整.我查看了源代码，检查了一个 Linux shadow-utils 源代码包，但我无法确保我所查看的版本实际上与 CentOS 6 的版本相同.

I'm writing some web UI pages that can be used to create Linux user accounts. This web UI will be used on CentOS 6 (which is derived from RHEL 6). I'm finding inconsistent and incomplete information about what constitutes a valid Linux user name. I went to the source, examining a Linux shadow-utils source package but I did not ensure that the version I was looking at is in fact the same as that which is part of CentOS 6.

下面是我目前使用的代码片段，其中包括复制/粘贴 shadow-utils 包版本 4.1.4.3 中的注释，加上我自己的一些注释，以及一个 Java 正则表达式搜索，以遵循我的理解.在 shadow-utils 源.

Below is the code fragment I currently use, which includes copy/paste of the comments from the shadow-utils package version 4.1.4.3, plus some of my own notes, and a Java regular expression search to follow my understanding from looking at shadow-utils source.

chkname.c 中引用的is_valid_name()"检查显然不是 Linux 上的 useradd 命令使用的，因为注释(和 C 代码源)不允许名称以数字开头.但是，useradd 确实允许创建像1234"这样的帐户.

The referenced "is_valid_name()" check in chkname.c is apparently not what is used from the useradd command on Linux, since the comments (and the C-code source) do not allow names beginning with a number. However, useradd does allow one to create an account like "1234".

我希望能帮助我从现在的内容调整为更正确的内容，以及有关如何使用一些略有不同的 is_valid_name 函数实现 useradd.c 的信息.

I'd appreciate assistance adjusting from what I have now to what would be more correct, as well as info about how useradd.c is implemented with some slightly different is_valid_name function.

谢谢！艾伦

/**
 * Define constants for use in isNameLinuxCompatible(...) method.
 *
 * The source for the Linux compatible user name rule is is_valid_name(...) a function in the "shadow" package
 * for Linux.  The source file for that function has a comment as follows:
 *      User/group names must match [a-z_][a-z0-9_-]*[$]
 * That expression is a little loose/sloppy since
 * (1) the trailing $ sign is optional, and
 * (2) uppercase A-Z is also ok (and case is significant, 'A' != 'a').
 *
 * We deal with (1) by using the [$]? form where the ? means zero or more characters (aka "greedy").
 * We deal with (2) by using the CASE_INSENSITIVE option.
 *
 * Another way to express this is:
 *  1st character:                      a-z_         required at least one char
 *  chars other than first and last:    a-z0-9_-     optional
 *  last character:                     $            optional
 * Max length is 31.  Min length is 1.
 *
 * NOTE: The initial ^ and final $ below are important since we need the entire string to satisfy the rule,
 * from beginning to end.
 *
 * See http://download.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html for reference info on pattern matching.
 */

private static final String  LINUX_USERNAME_REGEX     = "^[a-z_][a-z0-9_-]*[$]?$";
private static final Pattern LINUX_USERNAME_PATTERN   = Pattern.compile(LINUX_USERNAME_REGEX, Pattern.CASE_INSENSITIVE);
private static final int     LINUX_USERNAME_MINLENGTH = 1;
private static final int     LINUX_USERNAME_MAXLENGTH = 31;

/**
 * See if username is compatible with standard Linux rules for usernames, in terms of length and
 * in terms of content.
 *
 * @param username the name to be checked for validity
 * @return true if Linux compatible, else false
 */
public boolean isNameLinuxCompatible (final String username) {
    boolean nameOK = false;
    if (username != null) {
        int len = username.length();
        if ((len >= LINUX_USERNAME_MINLENGTH) && (len <= LINUX_USERNAME_MAXLENGTH)) {
            Matcher m = LINUX_USERNAME_PATTERN.matcher(username);
            nameOK = m.find();
        }
    }
    return (nameOK);
}

推荐答案

基本的 gnu/linux 用户名是 32 个字符的字符串 (useradd(8)).这是 BSD 4.3 标准的遗留格式.passwd(5) 增加了一些额外的限制，比如不要使用大写字母、不要使用点、不要以破折号结尾、不能包含冒号.

A basic gnu/linux username is a 32 character string (useradd(8)). This is a legacy format from the BSD 4.3 standard. passwd(5) adds some additional restrictions like, do not use capital letters, do not use dots, do not end it in dash, it must not include colons.

为了安全起见，请遵循与 C 标识符相同的规则:

To be on the safe side of things, follow the same rules of a C identifier:

([a-z_][a-z0-9_]{0,30})

这是问题的一半.现代 GNU/Linux 发行版使用 PAM 进行用户身份验证.有了它，您可以选择任何您想要的规则以及任何数据源.

That's half the problem. Modern GNU/Linux distributions use PAM for user authentication. With it you can choose any rule you want and also any data source.

既然你在写一个程序，最好定义你自己的格式，然后使用pam_ldap、pam_mysql之类的东西来访问它.

Since you are writing a program it's better to define your own format, and then use something like pam_ldap, pam_mysql, etc. to access it.

这篇关于CentOS 6 和 RHEL 6 上 linux 用户名的真正规则是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！