I did think about writing that using a constant like use constant HOME_DIR => '/home/' but then I thought that'd be obvious. But then I don't agree with the premise of testing for user-existance by checking for directory existance in some common location.

The overall idea of these three responses to this question is that guru-alike is required to write these sorts of things safely. If carp "Foo!" unless -e HOME_DIR . $username was even part of the question then it is quite obvious that the person posting the question is not up to the task (yet).

It would likely be a good exercise for Anonymous Monk to write the code and request a review. At least that will earn the programmer some experience and will prepare them for doing the task for real, later. A review alone isn't sufficient to vet some code for security but it's a good start. In addition, full understanding of the execution environment is required and that just isn't possible (or at least highly unlikely) here.

It occurs to me that Webmin might be a better fit for the overall question. While Webmin itself is not secure at least it does the same job with some (perhap?) less obvious problems.

Fun Fun Fun in the Fluffy Chair