[users@httpd] Re: Using suexec to let users modify their vacation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wednesday 09 November 2005 01:46, Laurent Blume wrote:
> Hello all,
>
> I'm sure this has been done before, but I can't get relevant hits on
> AltaVista or Google...
>
> I need to have a web interface to let users modify their vacation
> message on the mail server in the intranet. They'll authenticate
> themselves first, of course, using mod_ldap.
> It's a regular Solaris 8 server, using its vacation tool, only users
> can't access it with a shell.
>
> My current idea is to use mod_suexec, but it'd need to have one script
> belonging to each user, in all the home/*/public_html/cgi-bin
> directories. It's possible, but not very convenient.
>
> Does anything already exist that I could use or adapt? I don't want to
> reinvent the wheel (and I'm not sure I'd reinvent it round...).
> It could even be PHP or another reasonably installable script language.

DISCLAIMER: What I suggest could be very dangerous, and should only be 
attempted with full knowledge of what you are doing.  That said...

I once designed a system for adding users  that was activated from a web 
interface (sign up for a student web server).  After running the First Name, 
Last Name and Login through regex's to weed out any shell characters, I then 
called a copy of useradd that I had placed in my own directory (i.e. not the 
copy in /usr/sbin/useradd.  This copy of useradd was owned by root.asuaf.  
ASUAF was the user/group the main CGI's ran as.  And this copy of useradd was 
only executable by the asuaf group, thus it could only be invoked from 
asuaf's CGI's.

So, that is one possibility.  The other is just to go with what's already been 
done and user Usermin: http://www.usermin.com/

j----- k-----

-- 
Joshua Kugler
CDE System Administrator
http://distance.uaf.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux