Thursday 8 April 2021

Fully numeric usernames in Focal

Hi,

While reviewing a bug in Focal I noticed that useradd allows the creation of fully numeric usernames[1] but systemd does not like them[2]. This triggers issues in apps relying on systemd, such as gnome/gdm (returns to gdm after authenticating). For instance, after creating user 0, the user can log in via ssh or console but loginctl won't create a session for it:  

root@focal:/home/ubuntu# useradd -m 0
root@focal:/home/ubuntu# id 0
uid=1005(0) gid=1005(0) groups=1005(0)

..

0@192.168.122.6's password:                                                          
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.8.0-48-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage  
                                                 
  System information as of Thu Apr  8 16:17:51 UTC 2021
 
  System load:  0.34              Processes:             157
  Usage of /:   77.2% of 7.58GB   Users logged in:       0  
  Memory usage: 6%                IPv4 address for ens3: 192.168.122.6
  Swap usage:   0%
 
 * Introducing self-healing high availability clusters in MicroK8s.
   Simple, hardened, Kubernetes for production, from RaspberryPi to DC.
   
     https://microk8s.io/high-availability
   
0 updates can be installed immediately.
0 of these updates are security updates.

Your Hardware Enablement Stack (HWE) is supported until April 2025.

Last login: Thu Apr  8 16:17:06 2021 from 192.168.122.1
$ loginctl
No sessions.
$ w
 16:20:09 up 4 min,  1 user,  load average: 0.03, 0.14, 0.08
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
0        pts/0    192.168.122.1    16:17    0.00s  0.00s  0.00s w  

And pam-systemd shows the following message:

Apr 08 16:17:06 focal sshd[1584]: pam_unix(sshd:session): session opened for user 0 by (uid=0)
Apr 08 16:17:06 focal sshd[1584]: pam_systemd(sshd:session): pam-systemd initializing
Apr 08 16:17:06 focal sshd[1584]: pam_systemd(sshd:session): Failed to get user record: Invalid argument

                                                                                             

I personally think that fully numeric usernames are generally a bad idea, but I'm not familiar with the background on this topic (I assume this is not an expected behavior, as it started happening in Focal). Should useradd allow such usernames given the interaction with systemd? If so, can we document this somewhere?

Thanks,

Victor


[1] man useradd

On Debian, the only constraints are that usernames must neither start with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a colon (':'), a comma (','), or a whitespace (space: ' ', end of line: '\n', tabulation: '\t', etc.). Note that using a slash ('/') may break the default algorithm for the definition of the user's home directory.

[2] https://github.com/systemd/systemd/blob/main/docs/USER_NAMES.md

"Similar, no names consisting of an initial hyphen and otherwise entirely made up of digits (rationale: avoid confusion with negative, numeric UID/GID specifications, e.g. -1)"

This topic has been discussed a few times: