在CentOS 6和RHEL 6上的linux用户名的真正规则是什么? [英] What are the real rules for linux usernames on CentOS 6 and RHEL 6?
问题描述
我在写一些可用于创建Linux用户帐户的网页UI页面。此Web UI将用于CentOS 6(源自RHEL 6)。我发现关于什么构成有效的Linux用户名的不一致和不完整的信息。我去源,检查一个Linux shadow-utils源码包,但我没有确保我正在看的版本实际上是作为CentOS 6的一部分相同。
下面是我目前使用的代码片段,其中包括复制/粘贴来自shadow-utils包版本4.1.4.3的注释,以及一些我自己的笔记和一个Java正则表达式搜索以跟随我的理解从查看shadow-utils源。
在chkname.c中引用的is_valid_name()检查显然不是从Linux上的useradd命令使用,因为注释(和C代码源)不允许以数字开头的名称。但是,useradd允许创建一个像1234这样的帐户。
我希望帮助调整从现在到更正确,作为关于如何使用一些稍微不同的is_valid_name函数实现useradd.c的信息。
谢谢!
Alan
/ **
*定义在isNameLinuxCompatible(...)方法中使用的常量。
*
* Linux兼容用户名规则的源是is_valid_name(...)shadow包中的一个函数
* for Linux。该函数的源文件具有如下注释:
*用户/组名称必须匹配[a-z _] [a-z0-9 _-] * [$]
*表达式有点从
*(1)尾随$符号是可选的,
*(2)大写AZ也是确定(和情况是有效的,'A'!='a')。
*
*我们使用[$]处理(1)?形式哪里?表示零个或多个字符(又名贪婪)。
*我们使用CASE_INSENSITIVE选项处理(2)。
*
*另一种表达方式是:
*第一个字符:a-z_需要至少一个char
*除第一个和最后一个字符之外的字符:a-z0-9_ - 可选
*最后一个字符:$ optional
*最大长度为31.最小长度为1.
*
*注意:需要整个字符串来满足规则,
*从头到尾。
*
*有关模式匹配的信息,请参阅http://download.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html。
* /
private static final String LINUX_USERNAME_REGEX =^ [a-z _] [a-z0-9 _-] * [$]?$
private static final Pattern LINUX_USERNAME_PATTERN = Pattern.compile(LINUX_USERNAME_REGEX,Pattern.CASE_INSENSITIVE);
private static final int LINUX_USERNAME_MINLENGTH = 1;
private static final int LINUX_USERNAME_MAXLENGTH = 31;
/ **
*查看用户名是否与用户名的标准Linux规则(长度和
*)兼容。
*
* @param用户名要检查有效性的名称
* @如果Linux兼容则返回true,否则为false
* /
public boolean isNameLinuxCompatible username){
boolean nameOK = false;
if(username!= null){
int len = username.length();
if((len> = LINUX_USERNAME_MINLENGTH)&&(len< = LINUX_USERNAME_MAXLENGTH)){
Matcher m = LINUX_USERNAME_PATTERN.matcher(username);
nameOK = m.find();
}
}
return(nameOK);
}
基本的gnu / linux用户名是一个32个字符的字符串( useradd(8))。这是来自BSD 4.3标准的传统格式。 passwd(5)添加了一些额外的限制,例如,不要使用大写字母,不要使用点,不要以破折号结束,不能包含冒号。 >
为了安全起见,遵循C标识符的相同规则:
([a-z _] [a-z0-9 _] {0,30})
<这是问题的一半。现代GNU / Linux发行版使用PAM进行用户身份验证。有了它,你可以选择你想要的任何规则,也可以选择任何数据源。
由于你正在编写一个程序,最好定义自己的格式,然后使用类似 pam_ldap , pam_mysql 等访问它。
I'm writing some web UI pages that can be used to create Linux user accounts. This web UI will be used on CentOS 6 (which is derived from RHEL 6). I'm finding inconsistent and incomplete information about what constitutes a valid Linux user name. I went to the source, examining a Linux shadow-utils source package but I did not ensure that the version I was looking at is in fact the same as that which is part of CentOS 6.
Below is the code fragment I currently use, which includes copy/paste of the comments from the shadow-utils package version 4.1.4.3, plus some of my own notes, and a Java regular expression search to follow my understanding from looking at shadow-utils source.
The referenced "is_valid_name()" check in chkname.c is apparently not what is used from the useradd command on Linux, since the comments (and the C-code source) do not allow names beginning with a number. However, useradd does allow one to create an account like "1234".
I'd appreciate assistance adjusting from what I have now to what would be more correct, as well as info about how useradd.c is implemented with some slightly different is_valid_name function.
Thanks! Alan
/**
* Define constants for use in isNameLinuxCompatible(...) method.
*
* The source for the Linux compatible user name rule is is_valid_name(...) a function in the "shadow" package
* for Linux. The source file for that function has a comment as follows:
* User/group names must match [a-z_][a-z0-9_-]*[$]
* That expression is a little loose/sloppy since
* (1) the trailing $ sign is optional, and
* (2) uppercase A-Z is also ok (and case is significant, 'A' != 'a').
*
* We deal with (1) by using the [$]? form where the ? means zero or more characters (aka "greedy").
* We deal with (2) by using the CASE_INSENSITIVE option.
*
* Another way to express this is:
* 1st character: a-z_ required at least one char
* chars other than first and last: a-z0-9_- optional
* last character: $ optional
* Max length is 31. Min length is 1.
*
* NOTE: The initial ^ and final $ below are important since we need the entire string to satisfy the rule,
* from beginning to end.
*
* See http://download.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html for reference info on pattern matching.
*/
private static final String LINUX_USERNAME_REGEX = "^[a-z_][a-z0-9_-]*[$]?$";
private static final Pattern LINUX_USERNAME_PATTERN = Pattern.compile(LINUX_USERNAME_REGEX, Pattern.CASE_INSENSITIVE);
private static final int LINUX_USERNAME_MINLENGTH = 1;
private static final int LINUX_USERNAME_MAXLENGTH = 31;
/**
* See if username is compatible with standard Linux rules for usernames, in terms of length and
* in terms of content.
*
* @param username the name to be checked for validity
* @return true if Linux compatible, else false
*/
public boolean isNameLinuxCompatible (final String username) {
boolean nameOK = false;
if (username != null) {
int len = username.length();
if ((len >= LINUX_USERNAME_MINLENGTH) && (len <= LINUX_USERNAME_MAXLENGTH)) {
Matcher m = LINUX_USERNAME_PATTERN.matcher(username);
nameOK = m.find();
}
}
return (nameOK);
}
A basic gnu/linux username is a 32 character string (useradd(8)). This is a legacy format from the BSD 4.3 standard. passwd(5) adds some additional restrictions like, do not use capital letters, do not use dots, do not end it in dash, it must not include colons.
To be on the safe side of things, follow the same rules of a C identifier:
([a-z_][a-z0-9_]{0,30})
That's half the problem. Modern GNU/Linux distributions use PAM for user authentication. With it you can choose any rule you want and also any data source.
Since you are writing a program it's better to define your own format, and then use something like pam_ldap, pam_mysql, etc. to access it.
这篇关于在CentOS 6和RHEL 6上的linux用户名的真正规则是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
