You could migrate to a database based mail authentication solution. Postfix+cyrus springs to mind.
Ric ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, May 19, 2002 9:56 AM Subject: Re: Scripts and passwd > > Hello > > Thanks for the reply. Yes this server is running mod perl :) > > As for risky. Well the whole point of the script system is to add a pop mail > box for a user. But in order to do this i have to do the following: > > add user to the passwd/shadow file > add user to the virtusertable and genericstable > recompile the sendmail config files > > Then and only then is the new mailbox ready for use. This is the only way I > can think of to accomplish this via an automated web proccess. I dont even > know if you can do it any other way with out touching the passwd/shadow > files? > > Thanks! John. > > > You're doing something pretty risky there. the passwd/shadow files are > only > > writable by root. So I suppose that when running them from the command > line > > you run them as root. Apache doesn't run as root (its children which serve > > the requests atleast), so mod_perl (I suppose you *are* using mod_perl? If > > not, this is more appropriate for another newsgroup) won't either. > > > > If you can run your script as CGI, you could use suEXEC. But really, > really > > consider the security implications of what you're doing there before > > allowing users to trash your machine very fast... > > > > > > -- > > Per Einar Ellefsen > > [EMAIL PROTECTED] > > > > >
