From Tim Grossenbacher
Answered By: Faber Fedor, Jim Dennis
Gradually converting from a Windows 2000 server to Linux running Redhat 7.2.
[Faber] First off, kudos on converting, but hy 7.2? You should at least be doing 7.3 (although I've found 9 to be nice and stable). You have patched the 7.2 box, haven't you?
For many years, we have used social security numbers as login names within the Win2k domain to login.
[Faber] My gawd, man! Are you mad! I certainly hope this domain is nowhere near the Internet! < r. Evil> But if it is, how do you translate between the login of the employee's SSN and his email name? Can you tell me the name of that file and which machine it is on??</Dr. Evil>
And you've never had a problem with identity theft? Amazing.
Linux does not appear to allow me to create a user with numbers only as the user.
[Faber] Correct. Linux (and every *nix I've seen) won't allow login names to start with a number. <Turns to the audience> Why is that? Anyone know?
[JimD] Because any place in the code that's expecting a user toke looks at the first character to determine if it's a UID or a name; then it looks up (getpwnam()) the username and translates it into a UID.
In other words "names" beginning with digits create an ambiguity between different representations of the same object (UID vs. name).
Now, granted this could be changed. Programs could search the entire string for any non-digit and declare it to be a name rather than a UID. However, even then there'd be an ambiguity when the "name" consisted entirely of digits. Also changing this would entail finding every piece of code that was parsing UIDs and user names anywhere (precisely the sort of change that is nearly impossible for an operating system that's been in use in hundreds of implementions for over thirty years).
You could certainly just use a letter prefix to your SSN as your user naming scheme. u1234567890 (123-45-7890) would work just as well as 1234567890.
As Faber as said, using SSN's in ANY visible way is an incredibly bad idea. Perusing the Privacy SSN FAQ:
http://www.faqs.org/faqs/privacy/ssn-faq/index.html
... would be a good idea.
I have created test users with both alpha and numeric characters, and all works perfectly. Is there a work around?
[JimD] Re-think your policy.
[Faber] Well, you could always hack the source, of course, of course. But I assume there's a Good Reason why they don't allow it, I just don't know what it is.
[JimD] Think ambiguity. Then think, millions of lines of code in thousands of programs. Then think 30 years of books, education and programmer experience --- hundreds of thousands of programmers who already know that usernames like most identifiers in most languages must start with an alpha or some suitable punctuation and that leading digits signify a UID.
Sounds like a bad idea all around.
I suppose you could just modify the login programs to accept numerics and prefix them with some letter or even an _ (underscore) before logging the user in. This would keep the change focused just to a few programs and libraries (basically just the PAM and login suite).
However, this sort of hack has a way of causing more confusion later. Everyone at your site will then be "logging in" one way and getting a username that doesn't quite match the string they use to log in --- could cause lots of confusion.