Hacker News
Historical Reasons (tive.org)
46 points by speckx 68 days ago | 16 comments


I could agree with giving sysadmins a way to specify a list of disallowed usernames (which would be useful for more reasons than to retire certain usernames, e.g. many sites would probably disallow "admin" as a username, and depending on maturity of the userbase might also find it valuable to forbid profanity as usernames). But it should be in a text file somewhere in /etc, not hardcoded into the source of useradd.c: different sites would have different requirements, and David M. Robertson (a fictional person I just made up, and if that happens to be your actual name then congratulations), who works at a small startup whose standard practice is three-initial usernames, should not be forbidden from using the username dmr just because someone famous also had those initials.


I've tried to look up whether there's a reserved username list option for these tools but either there isn't one or I suck. One option is to set / reset the NAME_REGEX configuration (or env var?), individual distributions could do this.


Silly idea: just create those users manually without giving them a home directory? The names won't be available anymore. You could write a short script wrapping useradd (and userdel? I honestly haven't deleted a user in years and can't remember if that's the correct command) and define your own config file to contain the current set of names managed by the tool.


I think this is the best way to achieve the goal.

- No new code added.

- The list is there in /etc/passwd.

- The reasons can be explained in that same file.
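The other route raised in the comments above (a site-local reserved-name list in a text file under /etc, checked by a small wrapper before useradd runs), sketched as an added example that is not code from any commenter or from the shadow project. The path `/etc/reserved-usernames`, its one-name-per-line format with `# reason` comments, the function names and the `USERADD` override are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reserved-username check in front of useradd.
# Assumed list format: one name per line, optional "# reason" after it;
# blank lines and comment-only lines are ignored.
RESERVED_FILE="${RESERVED_FILE:-/etc/reserved-usernames}"

# is_reserved NAME [FILE]
# Returns 0 if NAME is on the list (case-insensitive, whole-name match),
# 1 if it is not, 2 if the list cannot be read.
is_reserved() {
    _n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    _f="${2:-$RESERVED_FILE}"
    [ -n "$_n" ] || return 1
    [ -r "$_f" ] || return 2
    awk -v n="$_n" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        tolower($0) == n { found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$_f"
}

# checked_useradd NAME [useradd options...]
# Fails closed: a missing or unreadable list blocks account creation
# instead of silently disabling the policy.
checked_useradd() {
    _name="$1"
    shift
    _rc=0
    is_reserved "$_name" || _rc=$?
    case "$_rc" in
        0) echo "refusing: '$_name' is reserved by $RESERVED_FILE" >&2
           return 1 ;;
        1) ;;
        *) echo "refusing: cannot read $RESERVED_FILE" >&2
           return 1 ;;
    esac
    # USERADD is a hypothetical override so the wrapper can be dry-run.
    "${USERADD:-useradd}" "$@" -- "$_name"
}
```

Because the list lives in a site-owned file, a shop with three-initial usernames can simply leave dmr off it, and the `# reason` comments keep the rationale next to each entry.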


> You can’t wear 99 in the NHL now, or 6 in the NBA. Maybe you shouldn’t be able to log in as dmr for the same reasons

I can't tell if this is a serious argument or just relying heavily on the use of "maybe" to get away with expressing something that they know most people will disagree with, but I feel like it's a huge stretch to imply that what makes sense for numbers on maybe a couple hundred professional athletes' shirts when they're playing publicly on televised events would apply at all to usernames for millions of normal people on their own private devices. To just call out one of the many obvious concerns: this would presumably break any existing logins (and scripts referencing the home directory). The MLB even took this into consideration when they retired 42 for the entire league in honor of Jackie Robinson; any players currently using the number were allowed to continue using it until they retired, and that was just out of courtesy rather than any actual necessity.


mandatory mention: It is tradition to refer to this argument as 'for hysterical raisins', when something kept being done in a certain way, only because of some initial irrational arbitrary choice, is mandated with this argument.


"hysterical porpoises" always makes me smile, and it's the benemalapropism I go for.


I respect Dennis Ritchie's accomplishments too, but that doesn't mean I want to encode his username as a retired unix username, and in free software projects it's possible for anyone in principle to remove that line of code and rebuild the OS.

I also think that, as important as Unix was for the history of computing, it's also outdated in a lot of ways that I think are holding back computing. We should be reconsidering the use of C to write an operating system at all, as well as the concept of a username in the traditional Unix sense. My ideal operating system wouldn't have `useradd.c` as a concept to begin with.


How would you tell users apart in your ideal operating system?


I think we should reconsider what a user is conceptually. Many, if not most computers, are only used by a single individual (particularly if we count smartphones); but that human user might want to establish a bunch of different contexts or permission modes for various software on their computer depending on what they want to do at any given time. IIRC Android achieves per-app isolation using its Linux kernel by giving every app its own user (in the Linux kernel sense of a user), which is of course pretty different from Dennis Ritchie logging into a PDP-11 with dmr in the 1970s and having that string be associated with his personally-meaningful data artifacts.



Windows has a lot of great ideas around users, groups and permissions. Primarily built around an enterprise use case instead of a home user or server use case, but overall still a lot more refined than the unix system (in large parts due to being developed decades later).

The Authority/UserName scheme that allows you to use user names from different authorities on the same computer without name collisions, and the hierarchical userids that are SIDs are both quite useful. The most obvious everyday use case is file permissions on shared media like a USB drive or a network drive: knowing these files belong to user 1000 isn't very useful if every computer has a different idea of who that is.

They aren't perfect by any means. If you were to design the same thing today you'd probably use UUIDs. But there are a lot of good ideas in there.


I also think there's room for taking some inspiration from more modern cryptographic-key-based identity systems like blockchain identities and AtProtocol and Urbit - your primary identity as a user is an asymmetric cryptographic key, which you keep extremely secure; and then you can use this key to authenticate and encrypt messages over a public network or on a public data store, and you can derive sub-keys for use in various contexts. Instead of having to have different authorities keep track of usernames, what if every user in the system was identified with a public key from a global, cryptographically-large key-space?


I suspect that coming up with a set of rules as to who would and wouldn't be honored in such a manner would inevitably lead to some real-world violence at some point in the future.

Let's leave this out of our commonly used code.


Cute idea but I disagree, I don’t think it would be too viable


I was always a little upset, a decade or so after I left amzn, to have some 3rd party interaction with a sysadmin there, who upon being told that I had uid=1 informed my correspondent that there was no uid of 1 on their systems anymore.

I mean, locking the account was entirely understandable. Deleting it, though ...



