Posted by Erwin Moller on 01/04/08 09:23
Miguel Lopes wrote:
> Hello,
> I need to run a command as root to create users on the system for a webmail
> server.
>
> What is the best way to do this?
>
> Thanks
>
>
Hi,
The easy way, adding user PHP (apache, nobody, www-data, whatever) to
sudo, is also very unsafe. So that is a no-go I'd say.
I solved this once in a similar situation as described hereunder.
It is not REAL security, more security-by-obscurity.
1) Make a directory somewhere that has NO directory listing (check chmod
for directories under *nix for details)
2) In this directory, make another directory with an impossible-to-guess
name.
So you end up with something like this:
/home/lopes/public_html/nodirlisting/hjuyERWdklkJ754hjk367LpH
where the directory nodirlisting has no listing rights, so nobody can
find the name of the hjuyERWdklkJ754hjk367LpH-directory.
Make hjuyERWdklkJ754hjk367LpH writable for user PHP (eg www-data).
3) When you want to add a new user, write some commands to a file, eg a
line for each new webmailuser, then username, then password, etc.
4) Create a cronjob for a user that has access to webmail (I am not sure
if that needs to be root).
Let the cronjob run every minute or so, and if something in the file in
hjuyERWdklkJ754hjk367LpH is found, add that to the webmail.
This is still not 100% safe, since everybody on the machine that can
access the file (eg other PHP-scripts), but they will have a hard time
guessing the name of the directory.
Security by obscurity. :-)
Maybe somebody has a REAL solid solution.
Regards,
Erwin Moller
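
Added example, not part of the original post: because the queue file in the scheme above is writable by the web server user, the cron side has to treat every line as untrusted. This Python sketch shows that consumer; the `username:password` line format, the `.claimed` suffix and all function names are assumptions.

```python
import os
import re
import stat

# Assumed queue format (the post only says "username, then password"):
# one "username:password" request per line.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,30}")
RESERVED = {"root", "daemon", "bin", "nobody", "www-data"}  # never create these
MAX_BYTES = 64 * 1024  # bound the work a hostile writer can cause

def parse_request(line):
    """Return (username, password), or None if the line fails the allowlist."""
    user, sep, password = line.partition(":")
    if not sep or not USERNAME_RE.fullmatch(user) or user in RESERVED:
        return None
    # Printable ASCII only, no ':' or whitespace, bounded length.
    bad = any(c == ":" or not 33 <= ord(c) <= 126 for c in password)
    if bad or not 8 <= len(password) <= 128:
        return None
    return user, password

def read_queue(path):
    """Claim the queue file and return its lines; [] if missing or suspicious."""
    claimed = path + ".claimed"
    try:
        os.rename(path, claimed)  # later requests land in a fresh file
    except OSError:
        return []
    try:  # O_NOFOLLOW refuses symlinks, O_NONBLOCK avoids hanging on a FIFO
        fd = os.open(claimed, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        fd = None
    lines = []
    if fd is not None:
        st = os.fstat(fd)
        if stat.S_ISREG(st.st_mode) and st.st_size <= MAX_BYTES:
            lines = os.read(fd, MAX_BYTES).decode("ascii", "replace").splitlines()
        os.close(fd)
    try:
        os.unlink(claimed)
    except OSError:
        pass
    return lines

def process(path):
    """Return (accepted, rejected_count); the caller creates the accounts."""
    parsed = [parse_request(line) for line in read_queue(path)]
    accepted = [p for p in parsed if p is not None]
    return accepted, len(parsed) - len(accepted)
```

The caller should hand each accepted pair to the account tool as an argument list or on stdin, never through a shell string, and should log the rejected count.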