I'm trying to write a simple CGI to help end-users configure a program on our machine, spamassassin to be specific. This program allows user config files in $HOME, and my CGI is going to need to read/write these files. Unfortunately the configuration files can't "include" other files elsewhere that the CGI writes, so my only option is probably going to be to edit the user's file directly from the CGI, which I really don't want to do. I'd prefer to create files the CGI program owns, and then set up user configuration files to just "source" those, but that doesn't seem possible.

Still, I can't think of anything better. Sure, I could make all user directories world readable and their configuration files world writable, but that's a really bad idea. I don't want to shoehorn all users into the same group and then give the configuration files group priveleges.

So the question is, is there a way to do the equivalent of "su" in perl to allow switching to another user ID? More importantly, is there a way of doing this safely? (Of course I'm going to be using standard techniques including taint checking and so on) One thing I'm definately not going to do is make the CGI suid root. :)

Or am I missing something and is there an easier way out?