Running shell commands as a certain user

harlan

Hi,

I'm writing a custom webmail/IMAP program with PHP.

One of the requirements of our IMAP server is that each user has a link in their home directory named "Maildir" pointing to their mail directory, /var/spool/mail/username.

Now, in the shell, this would be

ln -s /var/spool/mail/$username /home/$username/Maildir

Often, when users log in, this link doesn't exist and IMAP bombs. One would think that I could just make the PHP script run that shell command as the user who logged in, but I see no way.

Any suggestions?

thanks,
--harlan

terje-s

Welp, the only way (I think) to do this "on-the-fly" would be to install a SUID shell somewhere, create the link and then chown/chgrp/whatever it. However, that's waaaaay to insecure.

Best suggestion I can come up with in < 20 seconds, would be to send an e-mail to a priviledged account on the system.. then pick it up with procmail, parse it through some script, validate the email (you should have some technique of showing that the email is actually from the script),. and then create links according to data in the email.. =>

By the way, since your webserver is most likely running as 'nobody', nobodys priveleges are the only ones you can have when doing shell commands. Ofcourse you can start the webserver as root, but that is NOT recommended 😉

Anon

Use SUDO to be able to issue a command as root.
Then use SUDO again to chmod the link to what you need it to be.

Note: Don't think lightly about security. Hackers are smarter than you. They always are.