MAXLOGNAME + /etc/group + chkgrp invalid character @

Dan The Man dan at
Wed Nov 9 00:32:52 UTC 2011

On Tue, 8 Nov 2011, Chuck Swiger wrote:

> On Nov 8, 2011, at 3:47 PM, Dan The Man wrote:
>> In the daily cron "Daily run output" email always get the following:
>> Verifying group file syntax:
>> chkgrp: /etc/group: line 3: '@' invalid character
> chkgrp expects group names to consist of characters in isalnum().

K so thats a simple fix where it does that check.

>> Could we modify system to support email addresses as usernames.
> Sure, that's why FreeBSD comes with source code.
> You can modify anything you like.  :-)
> However, if you want to use a domain-aware login mechanism, Kerberos is in the base system, and SASL and LDAP are available in ports.  You're not going to break anything allowing "@" into the list of characters which pw(8) likes, but the flatfile passwd and group files are not hierarchical the way domain-aware network identity systems are.
> A secondary issue is that there is rarely a one-to-one relationship between email addresses and users; many email addresses are aliases which expand either to a different username, or even to multiple users.

Wish you would elaborate abit more here, what I have found is email 
addresses tend to make the best usernames, people can remember them :)
They are unique, and you solve 2 problems right away:
a) they can actually remember their username
b) they aren't having to pick through a million different taken usernames
they have to pick on their own, which is frusterating way people often do 

>> From my testing it works fine, even with "Daily run output" complaining I can still su to user i added in wheel group.
>> We'd need to fix ckkgrp source,
>> adduser source, and making move to:
>> #define MAXLOGNAME 256   in /usr/src/sys/sys/param.h
> You can do that also, but I think you'll break compatibility with NIS/YP.

Well with nss-mysql its as simple as modifying the /etc/nsswitch.conf on 
any machine to just point to same db server, works just fine.

> You might not care, but don't be surprised if you find that folks aren't willing to adopt this change back into FreeBSD-- I've seen a few people wanting to increase MAXLOGNAME since 2003 or so.

I've talked to many sys admins as well, that are all modifying the code to 
the kernel for a decade now on every new make buildworld, would be nice to 
see it mainstream.

Only issue doing this I have seen so far, is having to nuke the wtmp/utx* 
files from /var/log on new installs to get them into new format, but that 
would be solved mainstream as well.

I just find the benefits far outweight the cons, sure when we were all 
back in our computer science classes in 80s/90s it made sense. We all had 
accounts on the system for those 3-4 years, and generic usernames made 
sense, but now moving to webhosting environments and providing sftp/ssh 
type access to people on a larger scale, I think the email address as 
usernames make alot more sense now.

I still teach unix at the university time to time and we still use the old
putty/securecrt to sshd daemon way of learning from the command line, in 
that environment I find its about people forgetting passwords, take it up 
a notch to webhosting environment, and i find people forget their 
usernames to, and why I think it would be a good move...


Dan The Man
CTO/ Senior System Administrator
Websites, Domains and Everything else
Email: Dan at

> Regards,
> -- 
> -Chuck

More information about the freebsd-current mailing list