> mm... sudo is a much more fine grained way of granting permission. I don't
> really like do give all power to a web application.
>
> What I would have liked was a sort of sudo module, so execute certain
> *configured* funcions with more power.
Another option might be a long-running process (LRP) that listens
on a pipe for commands. In this case, the only command it would
accept is "adduser", and it would create a user based on the
syntax of the command sent. Thus, your LRP might listen on
/tmp/adduser-pipe so your unpriv'ed web-process would connect to
this pipe and write something like
aup = file('/tmp/adduserpipe', 'w')
aup.write("joe Joe Smith\n")
aup.close()
Your LRP would then read this command and create a user named
"Joe Smith" with a login of "joe". One might get more elaborate
for error-handling, but this would place clear lines of
permission division between the dangerous user-adding code and
the hairy world of teh intarweb.
-tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
