As nobody has yet posted a working answer and I discussed solutions with hacker yesterday in the chatterbox, here what we came up with :
- A setuid root CGI that writes directly to the files .vacation and .forward or that executes vacation -i via sudo. This is the least desireable solution, as anything requiring root permissions is a security risk.
- A CGI that writes the new values into temporary files (one per user) or into a database plus a cron job that runs for every user (or central as root) and which updates each users vacation file nightly from the database. This is more secure, as the only point where you need root permissions is where you overwrite other users files. Special care must still be taken when getting/processing the list of all affected users that no username is misexpanded (spaces in usernames, weird characters in usernames etc).
While neither of these is a "working" solution, at least the second one should be a solution that can be easier implemented, as you don't have to muck much with permissions and the risk of accidentially overwriting other files is greatly reduced.
perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ; # The
$d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider
($c = $d->accept())->get_request(); $c->send_response( new #in the
HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' # web