Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

help...cgi-bin form - strategy needed to set user's out of office reply via the vacation prog.

by weenie (Initiate)
on Apr 27, 2003 at 18:53 UTC ( #253509=perlquestion: print w/replies, xml ) Need Help??

weenie has asked for the wisdom of the Perl Monks concerning the following question:

Greets good Monks!
In the spirit of TMT1W2DI - my question could be answered in more than one way.

1. Is there a module available (I have searched fruitlessly) that would allow me to easily let a user set/unset, and change their .vacation.msg file via a cgi form?

2. I have implemented SSL on Apache (OpenBSD) - and have the directory that the cgi will run out of set to force authentication - and it works :) . I think I could take the remote_user variable and substitute it in perl code to modify the vacation and forward files in the user's home dir. But I believe I would still have to run 'vacation -i' as the user. I'm not sure how to go about this (would setuid be the best/only way? or how might I perhaps su - username to do it?)

Also - it would seem unwieldy as user population grows to have to maintain the htaccess file (I may have to move to an OpenLDAP solution - but have no experience implementing such).

3. Can anyone point me to resources, and/or example code to do this sort of user file manipulation?

4. charity solution Has anyone done this whom is willing to share their hard work with a humble weenie monk?

Thank you.

NeoMonk Weenie

  • Comment on help...cgi-bin form - strategy needed to set user's out of office reply via the vacation prog.

Replies are listed 'Best First'.
Re: help...cgi-bin form - strategy needed to set user's out of office reply via the vacation prog.
by Corion (Pope) on Apr 28, 2003 at 07:07 UTC

    As nobody has yet posted a working answer and I discussed solutions with hacker yesterday in the chatterbox, here what we came up with :

    1. A setuid root CGI that writes directly to the files .vacation and .forward or that executes vacation -i via sudo. This is the least desireable solution, as anything requiring root permissions is a security risk.
    2. A CGI that writes the new values into temporary files (one per user) or into a database plus a cron job that runs for every user (or central as root) and which updates each users vacation file nightly from the database. This is more secure, as the only point where you need root permissions is where you overwrite other users files. Special care must still be taken when getting/processing the list of all affected users that no username is misexpanded (spaces in usernames, weird characters in usernames etc).

    While neither of these is a "working" solution, at least the second one should be a solution that can be easier implemented, as you don't have to muck much with permissions and the risk of accidentially overwriting other files is greatly reduced.

    perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ; # The $d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider ($c = $d->accept())->get_request(); $c->send_response( new #in the HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' # web
Re: help...cgi-bin form - strategy needed to set user's out of office reply via the vacation prog.
by Anonymous Monk on Apr 27, 2003 at 23:17 UTC

    Google provides lots of results including this.

    I'd like to add that just because there are lots of options that can be found with a simple search doesn't mean you shouldn't have asked this question. It's great to generate discussion, maybe someone has something even better sitting on their hard drive, or has a better approach to the problem. So keep asking :)

Re: help...cgi-bin form - strategy needed to set user's out of office reply via the vacation prog.
by submersible_toaster (Chaplain) on Apr 28, 2003 at 06:57 UTC

    Since I have avoided perl+setuid like the plague I cannot really comment on a perl solution for you. No doubt there is more than one! You mention that maintenance might become a problem with a greater number of users, so you may well discover that a clever script now, will give rise to some more clever scripts, followed by some desperate ones - over time. It may well be the case that rethinking the mail-server strategy will save you work, pain, stress and mileage in the long run.(YMMV)

    You mention LDAP++ , I have found LDAP a fantastic way to retrieve user information, particularly with perl, much software supports LDAP authentication also. I am drifting OT now , but will recommend you check out some of the features of InsightServer (v4.0.0b which I am re-evaluating ATM) and DBMail, who specifically mention..

    Security. Dbmail has got nothing to do with the filesystem or interaction w +ith other programs in the Unix environment which need special permissions. Dbmail is as secure as the database it's based upon.

    Those are my two cents, most of this I am still researching. Insightserver is _ALMOST_ a MSExchange killer but it does cost $$ (less than Exchange), it still makes a nice db-backed imap server, and from what I see today the v4 beta has had it's administration interface VASTLY upgraded. I discover that Vacation is part of its web admin tools.



    food for thought can be hard to chew
Re: help...cgi-bin form - strategy needed to set user's out of office reply via the vacation prog.
by Anonymous Monk on Apr 29, 2003 at 03:54 UTC
    I use a script that I found at devil.medialab.at several years ago. It uses the Net::FTP module to FTP the .vacation.msg and related files to the user's home directory. I've copied the script for you and put it at ftp.amethystweb.com/vacation.txt

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://253509]
Approved by Aristotle
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (3)
As of 2021-09-22 00:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?