38

A student just asked what could be the downside of having a dot (. ) in the name of the user. For example: john.doe

How will this affect the system or any apps for that matter?

kiri
  • 28,246
  • 16
  • 81
  • 118
Luis Alvarado
  • 211,503

4 Answers4

53

POSIX states this about usernames:

[...] To be portable across systems conforming to IEEE Std 1003.1-2001, the value is composed of characters from the portable filename character set. The hyphen should not be used as the first character of a portable user name.

... where the portable filename character set is:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -

Also, the manpage for the /etc/adduser.conf file Manpage icon states:

   VALID NAMES
          adduser and addgroup enforce conformity to IEEE Std 1003.1-2001,
          which  allows  only  the following characters to appear in group
          and user names: letters, digits, underscores, periods, at  signs
          (@) and dashes. The name may not start with a dash. The "$" sign
          is allowed at the end of usernames (to conform to samba).

          An additional  check  can  be  adjusted  via  the  configuration
          parameter NAME_REGEX to enforce a local policy.

However,

Whilst both specifications seem to include the dot, Ubuntu (on my 13.04 at least) seems to disallow it:

⊳ sudo adduser as.df
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

The default NAME_REGEX in Ubuntu is (from the /etc/adduser.conf manpage):

^[a-z][-a-z0-9]*$
  • Starting with a lowercase letter then any number of dashes, lowercase letters or digits. No _, @ or ..

So,

in conclusion a dot . may be used for a Ubuntu username, the NAME_REGEX just has to be changed in /etc/adduser.conf. Seeing as it conforms to POSIX, there shouldn't be any problems with having a . in the username with any POSIX-compliant program.

To enable a dot in usernames

  1. Run this command in a terminal:

    sudo nano /etc/adduser.conf

  2. Locate this line (near the end of the file)

    #NAME_REGEX="^[a-z][-a-z0-9]*$"

    and replace it with

    NAME_REGEX='^[a-z][-.a-z0-9]*$'

    Note that the - must remain the first character in the bracket expression [...], otherwise it is treated as specifying a range a-z.

  3. Press Ctrl+X, then Y, then Enter.

References:

Community
  • 1
kiri
  • 28,246
  • 16
  • 81
  • 118
  • @vasa1 Thanks for pointing that out, fixed. – kiri Jan 15 '14 at 02:53
  • 3
    Hi minerz029, before accepting the answer which as far as I can see, it is an excellent one no doubt, could you please provide the reasons why Ubuntu would make this decision. – Luis Alvarado Jan 17 '14 at 00:19
  • 2
    @LuisAlvarado: It's possible that it's for compatibility with [non POSIX] programs which expect a username using a more limited character set. The characters Ubuntu allow by default are almost guaranteed to work in almost all programs. The adduser manpage describes the default regex as "most conservative", being on the safer side of usernames. – kiri Jan 20 '14 at 10:29
  • So, how do I then change the regex? Using NAME_REGEX="^[a-z][-a-z0-9_\.]*\$" doesn't do the job, although I'd expect it to work. It yields the same error you give in your However paragraph. – 0xC0000022L Dec 30 '14 at 14:12
  • @0xC0000022L Please check my updated answer. I have confirmed it works on my 14.04 system. – kiri Dec 30 '14 at 20:44
  • @minerz029: have you tried to create something like foo.bar, though? What I don't understand is why the . cannot be escaped as would be possible inside Perl normally (adduser is a Perl script). – 0xC0000022L Dec 30 '14 at 20:48
  • 1
    This did not work for me, but adding NAME_REGEX="^[a-z][-a-z0-9_.]*\$?$" in /etc/adduser.conf did. – Mario Jul 08 '16 at 19:54
  • 2
    Don't change the regex. Just call useradd instead: sudo useradd -m my.user. That's what we do in Userify and it's also cross platform. – fatal_error Feb 04 '17 at 07:00
  • useradd does not set user's shell by default, better use sudo adduser --force-badname my.user – gmk57 Oct 05 '21 at 12:07
6

Marc Haber explains a possible downside in Debian bug #604242 (Allow dots in username by default):

Having dots in the user name creates some issues with scipts using chown, which still accepts dots as separator between user name and group name. If chown still accepts dots, there will be scripts using this notation, which will break if a user name contains a dot.

I would recommend keeping the current default (which can be overwritten by local configuration) until chown has stopped accepting dots as separator.

And chown still accepts the dot as separator, although it isn't documented anymore. I agree POSIX compatibility should prevail, and I indeed employ user names containing dots on several systems without any adverse effects.

Ferenc Wágner
  • 161
3

It seems that there is a reason behind this limitation.

If you try to run systemd service for scripts, it can be starting as root and not as a user. It's caused by systemd not recognize user with dot (domain.com user name for example) as valid user and runs service as root instead. Still this can b fixed already on systemd side, but still has a risk.

Also having dots in the user name creates some issues with scripts using chown, which still accepts dots as separator between user name and group name. If chown still accepts dots, there will be scripts using this notation, which will break if a user name contains a dot.

Arunas Bart
  • 143
3

Applications that reads usernames might use a regex that assumes your username follows the rules and therefore can't handle your username.

Jo-Erlend Schinstad
  • 29,531