[thelist] UNIX SECURITY. . .
Edwin Martin
e.j.martin at chello.nl
Tue Feb 20 03:17:23 CST 2001
Mark,
>Does anyone have any sugguestions of a secure way of adding a user to a
>unix system from a web based form. I am wondering how sites like Yahoo,
>for instace, go about adding a user to their system in able to offer such
>features as pop email and web space. I am guessing that their signup form
>triggers some program that adds a user without being root.\
I'm pretty sure Yahoo (and others) don't add their users to the unix-system.
A place in the database is probably the best an user gets.
>I know that adduser takes root access and could be used in conjuction with
>"sudo", or some other program, but is that how large sites such as yahoo
>and others go about this?????
>
>I get extremely nervous with even the thought of giving a cgi script access
>to a root command . . .
You should be.
A solution might be to let the CGI-program write new users to
a text file (or better: a database) and let another program with
root-access read this file add these new users to the system.
This program could run once every 10 minutes or so.
Edwin Martin.
--
Surf Edwin Martin's brainwaves: http://www.bitstorm.org/edwin/
More information about the thelist
mailing list