What characters are forbidden in Windows and Linux directory names?

Solution 1:

Let's keep it simple and answer the question, first.

The forbidden printable ASCII characters are:

Linux/Unix:
```
  / (forward slash)
```

Windows:

  < (less than)
  > (greater than)
  : (colon - sometimes works, but is actually NTFS Alternate Data Streams)
  " (double quote)
  / (forward slash)
  \ (backslash)
  | (vertical bar or pipe)
  ? (question mark)
  * (asterisk)

Non-printable characters

If your data comes from a source that would permit non-printable characters then there is more to check for.
- Linux/Unix:
```
  0 (NULL byte)
```
- Windows:
```
  0-31 (ASCII control characters)
```
^{Note: While it is legal under Linux/Unix file systems to create files with control characters in the filename, it might be a nightmare for the users to deal with such files.}

Reserved file names

The following filenames are reserved:

Windows:

  CON, PRN, AUX, NUL 
  COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9
  LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9

(both on their own and with arbitrary file extensions, e.g. LPT1.txt).

Other rules
- Windows:
  
  Filenames cannot end in a space or dot.
- macOS:
  
  You didn't ask for it, but just in case: Colon : and forward slash / depending on context are not permitted (e.g. Finder supports slashes, terminal supports colons). (More details)

Solution 2:

A “comprehensive guide” of forbidden filename characters is not going to work on Windows because it reserves filenames as well as characters. Yes, characters like * " ? and others are forbidden, but there are a infinite number of names composed only of valid characters that are forbidden. For example, spaces and dots are valid filename characters, but names composed only of those characters are forbidden.

Windows does not distinguish between upper-case and lower-case characters, so you cannot create a folder named A if one named a already exists. Worse, seemingly-allowed names like PRN and CON, and many others, are reserved and not allowed. Windows also has several length restrictions; a filename valid in one folder may become invalid if moved to another folder. The rules for naming files and folders are on the Microsoft docs.

You cannot, in general, use user-generated text to create Windows directory names. If you want to allow users to name anything they want, you have to create safe names like A, AB, A2 et al., store user-generated names and their path equivalents in an application data file, and perform path mapping in your application.

If you absolutely must allow user-generated folder names, the only way to tell if they are invalid is to catch exceptions and assume the name is invalid. Even that is fraught with peril, as the exceptions thrown for denied access, offline drives, and out of drive space overlap with those that can be thrown for invalid names. You are opening up one huge can of hurt.

Solution 3:

Under Linux and other Unix-related systems, there are only two characters that cannot appear in the name of a file or directory, and those are NUL '\0' and slash '/'. The slash, of course, can appear in a pathname, separating directory components.

Rumour¹ has it that Steven Bourne (of 'shell' fame) had a directory containing 254 files, one for every single letter (character code) that can appear in a file name (excluding /, '\0'; the name . was the current directory, of course). It was used to test the Bourne shell and routinely wrought havoc on unwary programs such as backup programs.

Other people have covered the rules for Windows filenames, with links to Microsoft and Wikipedia on the topic.

Note that MacOS X has a case-insensitive file system. Current versions of it appear to allow colon : in file names, though historically that was not always the case:

$ echo a:b > a:b
$ ls -l a:b
-rw-r--r--  1 jonathanleffler  staff  4 Nov 12 07:38 a:b
$

POSIX defines a Portable Filename Character Set consisting of:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -

Sticking with names formed solely from those characters avoids most of the problems, though Windows still adds some complications.

¹ It was Kernighan & Pike in ['The Practice of Programming'](http://www.cs.princeton.edu/~bwk/tpop.webpage/) who said as much in Chapter 6, Testing, §6.5 Stress Tests:

When Steve Bourne was writing his Unix shell (which came to be known as the Bourne shell), he made a directory of 254 files with one-character names, one for each byte value except '\0' and slash, the two characters that cannot appear in Unix file names. He used that directory for all manner of tests of pattern-matching and tokenization. (The test directory was of course created by a program.) For years afterwards, that directory was the bane of file-tree-walking programs; it tested them to destruction.

^{Note that the directory must have contained entries . and .., so it was arguably 253 files (and 2 directories), or 255 name entries, rather than 254 files. This doesn't affect the effectiveness of the anecdote, or the careful testing it describes.}

^{TPOP was previously at
http://plan9.bell-labs.com/cm/cs/tpop and
http://cm.bell-labs.com/cm/cs/tpop but both are now (2021-11-12) broken.
See also Wikipedia on TPOP.}

Solution 4:

Instead of creating a blacklist of characters, you could use a whitelist. All things considered, the range of characters that make sense in a file or directory name context is quite short, and unless you have some very specific naming requirements your users will not hold it against your application if they cannot use the whole ASCII table.

It does not solve the problem of reserved names in the target file system, but with a whitelist it is easier to mitigate the risks at the source.

In that spirit, this is a range of characters that can be considered safe:

Letters (a-z A-Z) - Unicode characters as well, if needed
Digits (0-9)
Underscore (_)
Hyphen (-)
Space
Dot (.)

And any additional safe characters you wish to allow. Beyond this, you just have to enforce some additional rules regarding spaces and dots. This is usually sufficient:

Name must contain at least one letter or number (to avoid only dots/spaces)
Name must start with a letter or number (to avoid leading dots/spaces)
Name may not end with a dot or space (simply trim those if present, like Explorer does)

This already allows quite complex and nonsensical names. For example, these names would be possible with these rules, and be valid file names in Windows/Linux:

A...........ext
B -.- .ext

In essence, even with so few whitelisted characters you should still decide what actually makes sense, and validate/adjust the name accordingly. In one of my applications, I used the same rules as above but stripped any duplicate dots and spaces.

Solution 5:

The easy way to get Windows to tell you the answer is to attempt to rename a file via Explorer and type in a backslash, /, for the new name. Windows will popup a message box telling you the list of illegal characters.

A filename cannot contain any of the following characters:
    \ / : * ? " < > |

Microsoft Docs - Naming Files, Paths, and Namespaces - Naming Conventions

Why do function pointer definitions work with any number of ampersands '&' or asterisks '*'?

How to send email attachments?

Convert SVG to image (JPEG, PNG, etc.) in the browser

Margin on child element moves parent element

Are all even graphs planar?

Solution to Linear Time-invariant Matrix ODE $\frac{d\mathbf{P}}{dt} = \mathbf{A}\mathbf{P} + \mathbf{B}$

Every nonsingular $m\times m$ matrix is row equivalent to identity matrix $I_m$

Number of spectral lines from $n_2$ to $n_1$ [closed]

How to get a solution of the inequality $5 \sin (\theta)-\frac{1}{2} \sin \left(\frac{5 \theta}{2}\right) \geq 0$ using sympy?

Bounding $|f'(0)|$ for a complex function $f$ [duplicate]

if $2$ is root of equation $|A-xI|=0$ (where $A$ is non-singular matrix), $\frac{|A|}{2}$ root of equation $|B-xI|=0$ then $B$ can be

Integration by parts involving empirical/counting measure