Posted by Steve on 01/02/06 06:53

On Sun, 01 Jan 2006 23:07:28 -0500, Shelly wrote:

>
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:VPCdnaMKw9njPyXenZ2dnUVZ_smdnZ2d@comcast.com...
>> Shelly wrote:
>>> I submitted this to comp.mail.sendmail, but maybe someone here can help
>>> me as well.
>>>
>>> OK, this has most likely been asked and answered several times, but I am
>>> still confused after searching. Here is the background and situation:
>>>
>>
>> Yes, you asked it here on 12/28. Did you check those answers?
>
> Yes, I did, but was still confused by the answers. That was why I reposted
> with the specifics in, what I hoped, was clearer descriptive language.
>
> After posting, I continued with some intensive searching. I think I
> understand now, but would like some verification.
>
> 1 - Create the account with an adduser command. (The php would be either a
> system() or exec() command to run that command.) It has to be in the passwd
> account, but doesn't need to have a shell script.
BUT php would have to run as root to successfully complete, which is a
HUGE security hole.
>
> 2 - Have the adduser -D so that would limit these users. This would be
> done one time by the root account at the box itself.
>
> 3 - Also, have the shell script for the accounts set to /bin/false. This
> could also be done from php spawning a system() or exec(0 command.
Try man adduser to note that these 3 steps need to be done in a single
command.
>
> Did I finally get it straight?
>
> Shelly
Like I said over in comp.mail.sendmail, what mailstore are you using, and
what kind of authentication... database, ldap, os, write your own, etc?

Steve

[Back to original message]