diff --git a/pkg/osutil/user.go b/pkg/osutil/user.go
index 98a987b7fea..830885fbfb0 100644
--- a/pkg/osutil/user.go
+++ b/pkg/osutil/user.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/containerd/containerd/identifiers"
 	"github.com/sirupsen/logrus"
 )
 
@@ -32,11 +33,6 @@ var (
 	groups map[string]Group
 )
 
-// regexUsername matches user and group names to be valid for `useradd`.
-// `useradd` allows names with a trailing '$', but it feels prudent to map those
-// names to the fallback user as well, so the regex does not allow them.
-var regexUsername = regexp.MustCompile("^[a-z_][a-z0-9_-]*$")
-
 // regexPath detects valid Linux path.
 var regexPath = regexp.MustCompile("^[/a-zA-Z0-9_-]+$")
 
@@ -111,9 +107,8 @@ func LimaUser(warn bool) (*user.User, error) {
 	cache.Do(func() {
 		cache.u, cache.err = user.Current()
 		if cache.err == nil {
-			if !regexUsername.MatchString(cache.u.Username) {
-				warning := fmt.Sprintf("local user %q is not a valid Linux username (must match %q); using %q username instead",
-					cache.u.Username, regexUsername.String(), fallbackUser)
+			if err := identifiers.Validate(cache.u.Username); err != nil {
+				warning := fmt.Sprintf("%s; using %q username instead", err.Error(), fallbackUser)
 				cache.warnings = append(cache.warnings, warning)
 				cache.u.Username = fallbackUser
 			}
diff --git a/pkg/osutil/user_test.go b/pkg/osutil/user_test.go
index 860f0a71db2..7753b8decf7 100644
--- a/pkg/osutil/user_test.go
+++ b/pkg/osutil/user_test.go
@@ -5,6 +5,7 @@ import (
 	"strconv"
 	"testing"
 
+	"github.com/containerd/containerd/identifiers"
 	"gotest.tools/v3/assert"
 )
 
@@ -14,7 +15,7 @@ func TestLimaUserWarn(t *testing.T) {
 }
 
 func validUsername(username string) bool {
-	return regexUsername.MatchString(username)
+	return identifiers.Validate(username) == nil
 }
 
 func TestLimaUsername(t *testing.T) {