I'm trying to write a simple CGI to help end-users configure a program on our machine, spamassassin to be specific. This program allows user config files in $HOME, and my CGI is going to need to read/write these files. Unfortunately the configuration files can't "include" other files elsewhere that the CGI writes, so my only option is probably going to be to edit the user's file directly from the CGI, which I really don't want to do. I'd prefer to create files the CGI program owns, and then set up user configuration files to just "source" those, but that doesn't seem possible.

Still, I can't think of anything better. Sure, I could make all user directories world readable and their configuration files world writable, but that's a really bad idea. I don't want to shoehorn all users into the same group and then give the configuration files group privileges.

So the question is, is there a way to do the equivalent of "su" in Perl to allow switching to another user ID? More importantly, is there a way of doing this safely? (Of course I'm going to be using standard techniques including taint checking and so on.) One thing I'm definitely not going to do is make the CGI suid root. :)

Or am I missing something and is there an easier way out?


In reply to Privilege elevation by Uruk
