How to Exclude Bad Names when Creating User Accounts in Linux

The useradd command in Linux is used to create new user accounts. One of the options available for this command is --badnames. This option allows administrators to specify a list of names that should be considered “bad” or undesirable when creating user accounts, helping to enforce naming conventions or prevent the use of reserved or inappropriate names.

When using useradd --badnames, you provide a file containing a list of names that should be excluded. Here are a few examples to illustrate its usage:

Example 1: Exclude common system names.

            $ cat badnames.txt
            root
            admin
            nobody
            $ sudo useradd --badnames badnames.txt newuser1
        

Explanation: In this example, we create a file badnames.txt listing common system usernames. The command then attempts to create a new user account newuser1, excluding any names listed in badnames.txt. Verification: To verify if newuser1 was created, use grep newuser1 /etc/passwd.

Example 2: Preventing the use of reserved names.

            $ echo "temp" | sudo tee badnames.txt
            $ sudo useradd --badnames badnames.txt tempuser
        

Explanation: Here, we directly specify a bad name temp using echo and tee commands. The useradd command attempts to create a new user account tempuser, excluding the name temp. Verification: Verify if tempuser was created using grep tempuser /etc/passwd.

Example 3: Using the --badnames option with no file specified.

            $ sudo useradd --badnames baduser1
        

Explanation: In this case, baduser1 is considered a bad name directly specified on the command line. The useradd command will check against its internal list of bad names or naming conventions. Verification: Check if baduser1 exists with grep baduser1 /etc/passwd.

Example 4: Specifying multiple bad names.

            $ cat badnames.txt
            temp
            test
            admin
            $ sudo useradd --badnames badnames.txt testuser
        

Explanation: In this example, we create a file badnames.txt with multiple bad names. The command then tries to create a user account testuser, ensuring that neither test nor admin are used. Verification: Check the creation status of testuser with grep testuser /etc/passwd.

Using the --badnames option with useradd helps maintain system integrity by preventing the creation of accounts with names that could potentially cause conflicts or security issues. By specifying a list of bad names, administrators can enforce naming policies and ensure that user accounts adhere to organizational standards.