I'm trying to write a simple CGI to help end-users configure
a program on our machine, spamassassin to be specific. This
program allows user config files in $HOME, and my CGI is
going to need to read/write these files. Unfortunately the
configuration files can't "include" other files elsewhere
that the CGI writes, so my only option is probably going to
be to edit the user's file directly from the CGI, which I
really don't want to do. I'd prefer to create files the CGI
program owns, and then set up user configuration files to
just "source" those, but that doesn't seem possible.

Still, I can't think of anything better. Sure, I could make
all user directories world readable and their configuration
files world writable, but that's a really bad idea. I don't
want to shoehorn all users into the same group and then give
the configuration files group privileges.

So the question is, is there a way to do the equivalent of
"su" in perl to allow switching to another user ID? More
importantly, is there a way of doing this safely? (Of
course I'm going to be using standard techniques including
taint checking and so on.) One thing I'm definitely not
going to do is make the CGI suid root. :)

Or am I missing something and is there an easier way out?