Does any organisation standardise system management fundamentals?

Ask Fedora
,
1
Context

  1. Through a bug report and discussion about KDE Plasma’s user management KConfig Module silently failing to support commas inside the full name field, I recently came to realise that parsing the GECOS field in /etc/passwd is a rather unstandardised endeavour, [1] for some applications support the comma-delimited values, [2] whereas others consider the entire content to be the user’s full name. [3]

  2. When I discussed this with the chfn developers at github.com/util-linux/util-linux/discussions/3589#discussioncomment-13270218, I was advised that this was the purview of POSIX:

    POSIX defines the /etc/passwd format, but not the GECOS subfields and separators.

  3. Consequently, I intended to file an ommission bug at The Austin Group MantisBT instance: [4]

    image
    image639×359 29.3 KB

    However, upon further research, POSIX.1 (The Open Group Base Specifications Issue 8) is too narrow, so I tried The Single UNIX Specification Version 4.

    Unfortunately, this explicitly states: [5]

    One thing that becomes apparent working with the Single UNIX Specification is its focus on application development. The Single UNIX Specification is similar to the User’s and Programmer’s Reference Manuals on Berkeley or System V systems.

    Matters of system management are not part of this specification. Directory organization is not discussed beyond the simple few directories and devices that applications generally use. User management discussions do not appear. There is no discussion of such files as /etc/passwd or /etc/groups, since an application’s access to the information traditionally kept in these files is through programmatic interfaces such as getpwnam() and getgrnam().

Question

Consequently, does any organisation exist, that I can petition to, to standardise the escape sequences of /etc/passwd’s GECOS field, so that those who use commas in their names can?

Reposts

  1. discuss.kde.org/t/34772/3 ↩︎

  2. unix.stackexchange.com/revisions/541197/1 ↩︎

  3. discuss.kde.org/t/34772/3 ↩︎

  4. eddit.com/r/unix/comments/cf21sh/comment/muj126e ↩︎

  5. unix.org/version4/overview.html ↩︎

2

I have been aware for a long time that the GECOS field in the /etc/passwd file is a comma-delimited field that (potentially) stores more than just the user’s full name.

It is documented in the man pages:

From man passwd.5:

GECOS

This field (sometimes called the “comment field”) is optional and used only for informational purposes. Usually, it contains the full username. Some programs (for example, finger(1)) display
information from this field.

GECOS stands for “General Electric Comprehensive Operating System”, which was renamed to GCOS when GE’s large systems division was sold to Honeywell. Dennis Ritchie has reported: “Sometimes
we sent printer output or batch jobs to the GCOS machine. The gcos field in the password file was a place to stash the information for the $IDENTcard. Not elegant.”

It is also documented on Wikipedia.

From wikipedia.org

Gecos field
The gecos field, or GECOS field, is a field in each record in the /etc/passwd file on Unix and similar operating systems. On UNIX, it is the 5th of 7 fields in a record.

It is typically used to record general information about the account or its user(s) such as their real name and phone number.

Format
The typical format for the GECOS field is a comma-delimited list with this order:

  1. User’s full name (or application name, if the account is for a program)
  2. Building and room number or contact person
  3. Office telephone number
  4. Home telephone number
  5. Any other contact information (pager number, fax, external e-mail address, etc.)

In most UNIX systems non-root users can change their own information using the chfn or chsh command.

Here is an example of GECOS field within an /etc/passwd file in Linux:

janedoe:x:1000:1000:Jane Doe,Room 1015,(234)555-1410,(234)555-1411:/home/janedoe:/usr/bin/zsh

I think I probably first came across the definition when looking into some info about field mappings for Unix accounts in LDAP, but it has been too long ago to remember exactly.

Edit:

Since the passwd.5 man page states, “[The GECOS] field … is optional and used only for informational purposes” and since the getpwnam.3 man page states “The pw_gecos field is not specified in POSIX, but is present on most implementations”, I would conclude that this field is pretty free-form (other than that commas have been adopted by some programs to delimit the information). You should probably just use whatever escape sequence the client program you are using happens to understand (that might be something like \u2C, %2C, or ,).

Edit2: Another option, since most software supports Unicode now, would be to substitute a close Unicode character such as (U+2e34 raised comma) or (U+FE50 small comma).

1 Like
3

Fedora Workstation expects you to use AccountsService, so the GECOS field is only used to store the full name, while email, location, locale, user icon, etc. are stored elsewhere, see:

busctl introspect org.freedesktop.Accounts \
    /org/freedesktop/Accounts/User${UID} org.freedesktop.Accounts.User

Operating more metadata typically relies on some sort of directory service with LDAP.

1 Like
4

@vgaetera, that’s what the KCM utilises, but it still ultimately writes to GECOS. [1]

In @glb’s example, GECOS stores all of those properties by the largest implementers delimiting each ordered property with commas. [2]

That returns .RealName too. Is that being acquired from GECOS, or can I overwrite the value by writing to wherever those other values are purportedly stored?

Most local software that matters to me (in this case, KDE’s user management KCM) doesn’t interface with LDAP. [3]

  1. gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/118 ↩︎

  2. forums.freebsd.org/threads/59784/#post-677250 ↩︎

  3. bugs.kde.org/show_bug.cgi?id=391154#c5 ↩︎

1 Like
5

FWIW, there does exist one GCOS setting in /etc/login.defs:

#
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone).  If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
# 
#CHFN_RESTRICT          rwh

If you wanted another setting defined (e.g. something like GCOS_FIELDS=f to indicate the field count and order or GCOS_DELIMIT=; to specify a delimiter), you could probably file a RFE against the shadow-utils package.

1 Like
6

@glb, the problem with that is that whilst I want Fedora to have the newest and best features available, and I presume they would find merit in this problem being raised (although would probably be apathetic to actually implementing it), I expect that all consumers of /etc/passwd’s GECOS field (chfn, etcetera) would need to implement support for these preferences. I doubt that they would if they’re Fedora-specific…

7

As far as I know, only the finger program cares about the sub-fields of the gecos field of the passwd file. Other programs takes the field as the user’s real name, but strips everything after the first comma and the comma itself. The finger program is extreme legacy from the early BSD4 times before Linux was even a thing.

There some alternative places for extra user information

  • /var/lib/AccountsService

  • userdbctl

1 Like
8

@vekruse, that looks promising: [1]

[User]
Email=v5378iq1@rokejulianlockhart.addy.io
Languages=en_GB.UTF-8;
Session=
Icon=/var/lib/AccountsService/icons/RokeJulianLockhart
SystemAccount=false

However, I’m surprised that it’s so underutilised, for it appears to augment GECOS, rather than replace it. Upon investigation, dnf5 provides /var/lib/AccountsService, confirmed with rpm -qa accountsservice, states that this is provided by accountsservice-23.13.9-8.fc42.x86_64.

Originally, I intended to ask y’all whether gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/118#response, demonstrates that I could ask FreeDesktop to write all user information values there, rather than /etc/passwd.

Then, I remembered that kcm_users itself doesn’t actually offer any more options than those which I see written: [2]

368×395 42.6 KB

Consequently, I checked the DBus service, and indeed saw no way to write the information that chfn does:

789×1355 153 KB

I presume this is worth an FR to FreeDesktop…?

That’s a superb visualiser (better than damn DBus), although I would presume that it also reads from GECOS, since it returns the same name value, and doesn’t appear to provide capabilities to overwrite them.

  1.  #!/usr/bin/env pwsh
 #Requires -PSEdition Core
 If ($IsLinux) {
     Start-Process -FilePath "view-source:file:///var/lib/AccountsService/users/$Env:USER#line0:~:text=%5BUser%5D,SystemAccount=false"
 }
    ↩︎

  2. kcmshell6 kcm_users ↩︎

9

I forgot to mention the sole thing that mattered to this thread: it restricts itself to what GECOS is able to store, despite /etc/passwd being easily deprecable in favour of /var/lib/AccountsService:

  1. 488×200 16.2 KB

  2. Connected to D-Bus.

    Error: setting real name failed: real name ‘Mr. Beedell, Roke Julian Lockhart (RJLB)’ must not contain commas

10

Although this doesn’t solve the title of the thread, for the reason I cared, it does:

1 Like