Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi All,

Now I know you are all going to frown at me on this one, but I do need your help, and the most secure way to perform this action.

I have a script running at the moment that allows people to register for e-mail accounts on my servers. This requires them to have a Linux account (it cannot be done in a database or anything like that). The script is running taint, and regexps on user input, as well as checking to see if the chosen username already exists. That script then goes off and calls another script that is suid, which adds the user account, edits postfix files and creates quotas.

Previous to this, I was running the second script via cron, so it was not suid, but people were complaining because accounts were only getting created every 30 minutes - and if I lowered the cron times, it would be a waste of resources when there were no accounts to add.

So, what is the best way to allow people on my website to create their own Linux accounts - as I don't fancy manually adding 600 accounts per day!

Re: Adding User To System
by naChoZ (Curate) on Jun 28, 2003 at 14:18 UTC
    If you're thinking you'll achieve that kind of volume, you should probably go with some sort of external method of authentication like LDAP. If you do experience that kind of growth, you'll quickly outgrow a single machine and have to start using multiple servers. Limiting yourself to local authentication is not very scalable, so you'll be happy in the long run that you went with an external method.

    ~~
    naChoZ

Re: Adding User To System
by dash2 (Hermit) on Jun 29, 2003 at 01:34 UTC
    When you say it would be a waste of resources, are you sure that the resources would be anything more than trivial? Running a simple perl script via cron is not usually something that causes servers to grind to a halt with steam pouring out of them.

    Also, if you're getting 600 users a day, then presumably they are arriving at (about) 25 per hour, so running the cron every ten minutes is pretty likely to catch new users. And because you can catch multiple new users at once, you might find that the script takes less load than calling once for every new user.
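
The cron-driven batching discussed in this thread, as an added example (not code from the thread or from the original poster's scripts): a worker run from root's crontab, with no setuid bit, that re-validates each queued request under taint mode before calling `useradd`. The spool directory, the `.req` file naming, the username pattern and the nologin shell path are all assumptions, and the Postfix and quota steps are left out.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): batch worker run from root's crontab.
# Assumption: the unprivileged web script writes one file per request into
# $SPOOL, named <hex>.req, holding only the requested username.
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_NOFOLLOW);

$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';   # taint mode needs a fixed PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $SPOOL = '/var/spool/mailreg';               # hypothetical spool directory
my $LIMIT = 100;                                # cap accounts per cron run

# Validate again in the privileged process; the capture untaints the value.
sub valid_username {
    my ($raw) = @_;
    return defined($raw) && $raw =~ /\A([a-z][a-z0-9_]{2,15})\z/ ? $1 : undef;
}

sub process_spool {
    my ($dir, $limit) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!\n";
    my @reqs = sort grep { /\A[0-9a-f]{1,64}\.req\z/ } readdir $dh;
    closedir $dh;

    my $done = 0;
    for my $name (@reqs) {
        last if $done >= $limit;
        my ($file) = $name =~ /\A([0-9a-f]{1,64}\.req)\z/;    # untaint name
        sysopen(my $fh, "$dir/$file", O_RDONLY | O_NOFOLLOW) or next;  # no symlinks
        my $line = <$fh>;
        close $fh;
        chomp $line if defined $line;
        my $user = valid_username($line);
        if (!defined $user) {
            warn "rejected $file: bad username\n";    # raw input is not logged
        } elsif (defined getpwnam($user)) {
            warn "rejected $file: $user already exists\n";
        } elsif (system('useradd', '-m', '-s', '/usr/sbin/nologin', $user) == 0) {
            $done++;                                  # list form: no shell involved
        } else {
            warn "useradd failed for $user, status $?\n";
            next;                                     # keep request for the next run
        }
        unlink "$dir/$file" or warn "unlink $dir/$file: $!\n";
    }
    return $done;
}
process_spool($SPOOL, $LIMIT) unless caller;
```

An empty spool costs one `opendir` per run, and the web-facing script only needs write access to the spool directory rather than any route to root.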