+ "Peter Janett" <[EMAIL PROTECTED]>:

| It looks like qmail-newu creates a cdb.tmp file, then copies it to
| the cdb file.

No, it renames it.  The reason is that the update has to be atomic,
since there is a live mail system using the database.

| Even if I change the permissions to allow the command to be executed
| by the user the script runs as, it fails to move (copy) the cdb.tmp
| file to the cdb file.

Indeed, qmail-newu must have write privileges on the /var/qmail/user
directory.

+ Asmodeus <[EMAIL PROTECTED]>:

| I get the feeling that you need to run the Perl script as root (or
| whoever else has permissions to those files/directories). Everything
| you've mentioned seems to be permissions problems.  You might be
| able to get away with one of the qmail* uids, but you might end up
| having to run the script as root.

Certainly, if you allow any uid other than root to muck around with
the users directory, you have opened up a large potential security
hole.  To allow your web server to do this is bold and daring indeed.
Some suid-ness and *very* careful and security-conscious programming
is probably called for.

- Harald
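
The write-then-rename update discussed in this message, as an added C example that is not part of the original post and is not qmail-newu's source; `atomic_replace` and the `demo.cdb` file name are hypothetical. It shows why the caller needs write permission on the directory itself: both creating the temporary file and the rename modify the directory.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Replace dir/name with buf by writing dir/name.tmp and rename(2)-ing it
 * into place. Returns 0 on success, else the errno of the failing step.
 * A reader opening dir/name gets the old file or the new one, never half. */
int atomic_replace(const char *dir, const char *name,
                   const void *buf, size_t len)
{
    char tmp[4096], dst[4096];
    int fd, err;
    if (snprintf(tmp, sizeof tmp, "%s/%s.tmp", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return ENAMETOOLONG;

    /* Creating the temp file already needs write permission on dir. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return errno;

    /* Flush the data before the new name becomes visible. */
    errno = 0;
    if (write(fd, buf, len) != (ssize_t)len || fsync(fd) < 0) {
        err = errno ? errno : EIO;
        close(fd);
        unlink(tmp);
        return err;
    }
    close(fd);
    /* rename() rewrites the directory entry, so it too needs write
     * permission on dir; the mode of the old dir/name is irrelevant. */
    if (rename(tmp, dst) < 0) {
        err = errno;
        unlink(tmp);
        return err;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed payload; argv[1] is a scratch directory (default "."). */
    int err = atomic_replace(argc > 1 ? argv[1] : ".", "demo.cdb", "sample\n", 7);
    if (err)
        fprintf(stderr, "atomic_replace: %s\n", strerror(err));
    return err != 0;
}
```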
