Re^2: How to make sure that non-Perl programs will respect Perl's file locking?

That is an interesting point. But I'm not using neither of your options: the CGI uses the program Sudo (and a tight setup of it) to get the proper rights. Using Taint mode also helps regarding security breachs.

The UNIX PAM recomendation is a good one but is not that portable: Slackware Linux, for example, doesn't use PAM AFAIK. Besides doing this helps to solve only part of the problem: the CGI still needs to update the smbpasswd file without anybody else doing it at the same time.

Alceu Rodrigues de Freitas Junior
---------------------------------
"You have enemies? Good. That means you've stood up for something, sometime in your life." - Sir Winston Churchill

Comment on Re^2: How to make sure that non-Perl programs will respect Perl's file locking?

Replies are listed 'Best First'.
Re^3: How to make sure that non-Perl programs will respect Perl's file locking? by ruoso (Curate) on Jan 11, 2006 at 18:25 UTC
Hmmm... So you do are changing the smbpasswd in your CGI script... I wouldn't recommend it... The fact that Slackware doesn't support PAM is really a suprise to me... I've been using PAM for a long time and actually can't think how it can't be in Slackware... Anyway... If you were using PAM, you could place a pam module that reflects the changes on the user password to the smbpasswd file. (I know such module exists, just don't remeber its name). "Fixing" your Slackware to include PAM is possibly a good idea, or else you'll have to stick with this insecure approuch of changing this files directly... daniel	[reply]
Re^4: How to make sure that non-Perl programs will respect Perl's file locking? by lRem (Scribe) on Jan 11, 2006 at 21:12 UTC
It never was in Slackware, as well as it never was in OpenBSD. And in the latter, it probably never will, with no way to install it by yourself. As for me, this is enough to don't use PAM in my programs. Unless I would think it's worth implementing both PAM and PAMless versions (which I never did). On the other hand, PAM can be added to Slackware and all other Linux distros. So when you're not thinking about OpenBSD (other UN*Xes have PAM support), you can just add PAM to the dependencies list. -- Someday, people who know how to use computers will rule over those who don't. And there will be a special name for them: secretaries. -Dilbert quote	[reply]