[thelist] UNIX SECURITY. . .

Cymen Vig cvig at raw-io.com
Tue Feb 20 02:00:38 CST 2001


Mark Scalia wrote:
> Does anyone have any suggestions of a secure way of adding a user to a
> unix system from a web based form.  I am wondering how sites like Yahoo,
> for instance, go about adding a user to their system to be able to offer such
> features as pop email and web space.  I am guessing that their signup form
> triggers some program that adds a user without being root.
>
> I know that adduser takes root access and could be used in conjunction with
> "sudo", or some other program, but is that how large sites such as Yahoo
> and others go about this?????
>
> I get extremely nervous with even the thought of giving a cgi script access
> to a root command . . .

The recommended solution is to run mail software that does not require
that each mail account has an entry in /etc/passwd.  For example cyrus
has both an imap and pop3 server that provides this type of support
(plus it is very fast, I'm moving from uw-imap to cyrus-imap for better
security and performance).

So if you use this type of software you simply whip out a script that
creates a mail account for the new person using the tools that come with
the mail software (that don't run as root) instead of creating an
account on the machine.  Much more secure and simply better!

http://asg.web.cmu.edu/cyrus/

Cymen Vig
cvig at raw-io.com
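
The approach in the reply above, as an added example that is not part of the original post: a signup handler validates the form-supplied name against an allow-list and then creates the mailbox over IMAP as a Cyrus admin user, so nothing runs as root and /etc/passwd is never touched. The function names, the username policy, the reserved-name list and the admin credentials are assumptions, as is the default Cyrus namespace ("user." prefix with "." as separator); setting the new user's password in the authentication store is a separate step not shown.

```python
import imaplib
import re

# Assumption: local policy for login names accepted from the signup form.
# Lowercase ASCII letters, digits, '-' and '_', 3-16 chars, letter first.
# '.' and '/' are excluded because Cyrus uses them as hierarchy separators,
# '*' and '%' because they are IMAP wildcards.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{2,15}")

# Assumption: names that must never be handed out to signups.
RESERVED = {"root", "cyrus", "admin", "postmaster", "abuse", "anonymous"}


def mailbox_for(username):
    """Validate a form-supplied name and return its Cyrus mailbox name.

    Raises ValueError for anything outside the allow-list, so hostile
    input never reaches the IMAP command.
    """
    # fullmatch (not match or '$') also rejects a trailing newline.
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("username not allowed")
    if username in RESERVED:
        raise ValueError("username is reserved")
    # Default Cyrus namespace: a user's INBOX is the mailbox "user.<name>".
    return "user." + username


def create_mail_account(username, host, admin_user, admin_password):
    """Create the mailbox over IMAP as a Cyrus admin; no root involved."""
    mailbox = mailbox_for(username)  # validate before any network traffic
    conn = imaplib.IMAP4_SSL(host)   # assumption: server offers IMAP over TLS
    try:
        conn.login(admin_user, admin_password)
        status, data = conn.create(mailbox)
        if status != "OK":
            raise RuntimeError("CREATE failed: %r" % (data,))
    finally:
        conn.logout()
    return mailbox
```

The admin account used here should be one listed in the Cyrus `admins` setting and used only for provisioning, with its password kept out of the web root.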




