-rw-r--r-- | scripts/system/vyatta_check_username.pl | 17 | ||||
-rw-r--r-- | templates/system/login/user/node.def | 3 |
2 files changed, 16 insertions, 4 deletions
diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl index 254b3417..778f8976 100644 --- a/scripts/system/vyatta_check_username.pl +++ b/scripts/system/vyatta_check_username.pl @@ -44,9 +44,24 @@ sub finduser { } foreach my $user (@ARGV) { - my $uid = getpwnam($user); + # enforce recommendation from useradd man page + # Debian, the only constraints are that usernames must neither start + # with a dash (-) nor contain a colon (:) or a whitespace (space: , end + # of line: \n, tabulation: \t, etc.). Note that using a slash (/) may + # break the default algorithm for the definition of the users home + # directory. + die "$user : illegal characters in user name\n" + unless ($user =~ /^\w[^ \t\n\r\v\f:\/]*$/); + + # It is usually recommended to only use usernames that begin with a + # lower case letter or an underscore + # followed by lower case letters, digits, underscores, or dashes. + # They can end with a dollar sign. In regular expression terms: + warn "$user : username should only contain lowercase digits and underscore\n" + unless ($user =~ /^[a-z_][a-z0-9_-]*\$?$/); # User does not exist in system, its okay + my $uid = getpwnam($user); next unless defined($uid); # System accounts should not be listed in vyatta configuration diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def index 751767d6..7e56ca0f 100644 --- a/templates/system/login/user/node.def +++ b/templates/system/login/user/node.def @@ -2,9 +2,6 @@ tag: type: txt help: Set user account information -syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$" - ; "invalid user name $VAR(@)" - syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)" commit:expression: $VAR(authentication/encrypted-password) != "" |
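Review bot: The hard check `/^\w[^ \t\n\r\v\f:\/]*$/` in the new `die` is a denylist anchored with `$`, so a name ending in a newline still matches and control or shell-significant characters are accepted, while the conservative allowlist now only produces a `warn`. Anchor it with `\A` and `\z` and exclude control characters as well, for example `unless ($user =~ /\A\w[^\s:\/[:cntrl:]]*\z/);`. This script is now the only gate, because the node.def hunk drops the `pattern` expression and keeps `exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)"` with the value unquoted; if that command string is evaluated by a shell, the value is parsed before the script can validate it, so the template should probably keep a conservative pattern or quote the argument. The `warn` text is also garbled and should read `"$user : username should only contain lower case letters, digits, underscores and dashes\n"`. The `foreach` body continues past the end of the hunk.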