[thelist] UNIX SECURITY. . .
John Starkey
jstarkey at advancecreations.com
Mon Feb 19 23:38:54 CST 2001
Have you tried chrooting a usr and giving it cgi access? Also putting it on
another partition would be a good idea. This will only stop them from deleting
anything outside of the partition though. You'll lose everything accessible by
that user.
BTW, hi. I'm new to the list. Was recommend here by an existing member. Nice
to meet y'all.
Mark Scalia wrote:
> Does anyone have any sugguestions of a secure way of adding a user to a
> unix system from a web based form. I am wondering how sites like Yahoo,
> for instace, go about adding a user to their system in able to offer such
> features as pop email and web space. I am guessing that their signup form
> triggers some program that adds a user without being root.
>
> I know that adduser takes root access and could be used in conjuction with
> "sudo", or some other program, but is that how large sites such as yahoo
> and others go about this?????
>
> I get extremely nervous with even the thought of giving a cgi script access
> to a root command . . .
>
> Thanks,
>
> Mark
>
> ---------------------------------------
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
More information about the thelist
mailing list