67

I want to create user accounts named after a domain name. adduser complains that the usernames need to match the NAME_REGEX regular expression.

adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX configuration variable.  Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

I can add the users using useradd without complaint. Is there a reason that I shouldn't modify the regular expression to allow ., - and _?

What characters will cause problems and shouldn't be allowed in usernames?

This is the default NAME_REGEX.

NAME_REGEX="^[a-z][-a-z0-9]*\$"
Josh
  • 9,398
Ed Haber
  • 825

4 Answers

48

More specifically, the POSIX ("Portable Operating System Interface for Unix") standard (IEEE Standard 1003.1 2008) states:


3.437 User Name

A string that is used to identify a user; see also User Database. To be portable across systems conforming to POSIX.1-2017, the value is composed of characters from the portable filename character set. The <hyphen-minus> character should not be used as the first character of a portable user name.


3.282 Portable Filename Character Set

The set of characters from which portable filenames are constructed.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . _ -


Any username that complies with this standard is POSIX-compliant, and ought to be safe.

Niko
  • 109
HopelessN00b
  • 54,273
33

My advice to you is to follow the standard recommended by the default NAME_REGEX. You can actually put nearly anything in a user name under *NIX but you may encounter odd problems with library code that makes assumptions. Case in point:

https://web.archive.org/web/20170928165345/http://blog.endpoint.com/2008/08/on-valid-unix-usernames-and-ones-sanity.html

My question to you: do you have a lot of domain names that would collide with each other if you stripped out the unusual punctuation? For example, do you have both "QUALITY-ASSURANCE" and "QUALITYASSURANCE" as domain names? If not, you could simply adopt a policy of stripping out the unusual characters and using what's left as the user name.

Also, you could use the "real name" section of the GECOS field in the /etc/passwd information to store the original, unmodified domain name, and scripts could extract it pretty easily.

steveha
  • 1,039
2

It seems that there is a reason behind this limitation.

If you try to run a systemd(1) service for scripts, it can start as root and not as an ordinary user. This is caused by systemd not recognizing a user with a dot (a domain.com user name, for example) as a valid user, so it runs the service as root instead. This may already be fixed on the systemd side, but there is still a risk.

Also, having dots in the user name creates some issues with scripts using chown(1), which accepts a dot as the separator between user name and group name; see the man page for chown(1) on the system to identify whether it is the legacy or modernized version. In older systems, there could be scripts using this notation, which will break if a user name contains a dot.
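As an added example (not code from the question or any of the answers), a small Python checker that applies the default NAME_REGEX from the question, the POSIX portable user name rule quoted in the first answer, and a simplified model of the legacy chown OWNER.GROUP split described above; the sanitizing helper follows the strip-the-punctuation approach from the second answer. The chown model is an assumption made here for illustration, not the coreutils implementation.

```python
import re
from typing import Optional

# Default NAME_REGEX from /etc/adduser.conf, as quoted in the question.
DEFAULT_NAME_REGEX = r"^[a-z][-a-z0-9]*$"

# POSIX portable filename character set (POSIX.1-2017, section 3.282).
PORTABLE_CHARS = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-"
)


def matches_name_regex(name: str, regex: str = DEFAULT_NAME_REGEX) -> bool:
    """True if adduser configured with this NAME_REGEX would accept the name."""
    return re.match(regex, name) is not None


def is_posix_portable(name: str) -> bool:
    """POSIX.1-2017 3.437: only portable filename characters, no leading hyphen."""
    return bool(name) and set(name) <= PORTABLE_CHARS and not name.startswith("-")


def legacy_chown_split(spec: str) -> tuple[str, Optional[str]]:
    """Assumed model of legacy chown OWNER.GROUP parsing: the first '.' separates
    owner from group (modern chown uses ':'). A dotted user name such as
    'example.com' is therefore misread as owner 'example' plus group 'com'."""
    owner, sep, group = spec.partition(".")
    return owner, (group if sep else None)


def sanitized_from_domain(domain: str) -> str:
    """Strip characters the default NAME_REGEX rejects and drop any leading
    non-letters, so the result is accepted by adduser without --force-badname."""
    cleaned = re.sub(r"[^a-z0-9-]", "", domain.lower())
    return re.sub(r"^[^a-z]+", "", cleaned)


def check_username(name: str) -> dict:
    """Summarise the properties discussed on the page for one candidate name."""
    return {
        "adduser_default_ok": matches_name_regex(name),
        "posix_portable": is_posix_portable(name),
        "legacy_chown_split": legacy_chown_split(name),
    }


if __name__ == "__main__":
    for candidate in ("example.com", "quality-assurance", "-bad", "exämple"):
        print(candidate, check_username(candidate))
```

A domain-derived name can pass the POSIX portability rule and still be ambiguous to dot-style chown, which is why the default NAME_REGEX is stricter than the standard.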

0

From the NAME_REGEX it can be deduced that everything but a through z in upper- and lowercase and the numbers 0 through 9 would be bad.

wzzrd
  • 10,589