How secure could be my webserver if i allow some php scripts to modify the file (directly) /etc/passwd & /etc/shadow but my script will only allow to modify the line of the loged user (like userid=visitor, then he only can see/modify visitor's line)??
It is secure, if i enforce very enougth the security of the script... or this stills being a stupid option? Also if i use that script only for modify the permisions of ftp's users it stills unsecure? (if the ftpd runs whit a very unpriviligiated uid?) Thanks in advance
