Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!uunet!mcsun!ukc!dcl-cs!gdt!gdr!exspes From: exspes@gdr.bath.ac.uk (P E Smee) Newsgroups: comp.unix.questions Subject: Re: What chars can REALLY be in usernames? Message-ID: <1989Nov29.132320.18877@gdt.bath.ac.uk> Date: 29 Nov 89 13:23:20 GMT References: <1989Nov21.202349.5303@gdt.bath.ac.uk> Reply-To: exspes@gdr.bath.ac.uk (P E Smee) Organization: University of Bristol c/o University of Bath Lines: 64 I posted the question in the subject field about a week ago. Following is a summary of the responses I received: ---------------- The general summary of responses to my 'what chars can be in Unix usernames' is that Unix itself is not too fussy, and will probably actually allow any printing character except : (because that is the separator in /etc/passwd). However, there is also a consensus that a large number of these characters are undesireable. Some have defined meanings to various commonly used shells or to the kernel, and so would cause various forms of user confusion. Others have defined meanings in standard mail-address schemes, and so would render mail-address strings difficult or impossible to parse. These include @ # \ ; < > ( ) . * % ! [ ] { } ~ ! ? / ' ` " ^ $ & and maybe , . So, at the Unix level it looks like safe characters are A-Z a-z 0-9 + - _ = Added restrictions imposed by other programs: 1) At least one mailserver (the one we run, wouldn't you know?) will not deliver mail to usernames containing underlines. 2) Usernames should DEFINITELY not be all uppercase, as 'login' will then tip you into upper-case-only mode (interestingly, except on our Sequent, which seems not to support that mode). 3) Mixed case is a bad idea, as some mailservers (at least) try to find an exact match for the supplied username, and then a match for the supplied username tolower()ed, which means that if you get the capitalisation wrong it can't be delivered. (And, if you DO use mixed case, you've still got to consider A equivalent to a, for example, to avoid problems, so nothing is gained by it.) 4) All-numeric usernames would probably work, but might cause problems with the few things which will accept either username or userid (number) as args, so should be avoided. 5) = MIGHT cause problems owing to its use in shell 'set's. Probably best to miss it. At this level, then you're left with a-z, 0-9, -, and +. There was one report that some PACKAGES which need to know usernames assume that usernames will be all alphabetic, lowercase only. (RCS particularly was mentioned, whatever that is.) My feeling is that packages which add restrictions which are not intrinsic to the system, and are not required by external standards (like the chars 'reserved' for mail address strings) are flawed, and that you've got a good case for expecting the supplier to deliver a fix. (Certainly done that on VM/CMS.) However it's a matter of personal taste whether you want to get involved in that hassle. Oh, and definitely 8 chars or less. Thanks to everyone who responded. I wasn't able to get thank-you notes back to all of you owing to various authorisation restrictions. -- Paul Smee, Univ. of Bristol Comp. Centre, Bristol BS8 1TW (Tel +44 272 303132) Smee@bristol.ac.uk :-) (..!uunet!ukc!gdr.bath.ac.uk!exspes if you HAVE to)