OK, this is slightly OT,
I have some Procmail scripts that are working quite well, but I have some
variables that I would like the users to be able to adjust, eg forwarding
address, pager number.
The users all have local accounts, but can't log in to them. They have web,
mail, pop and IMAP access only.
My first thoughts are to build a quick web interface to allow users to change
these settings, but I think that this raises security problems, ie how does the
web server write to a file in the user's home directory. One thought might be
to put the variables into separate files that are writable by the web server,
and the .procmailrc has readonly access, checks the value in the file for
sanity and uses that value in the rest of the script (eg forwarding address for
e-mail). However, there must be a neater way to do this and this still leaves
some security holes.
I have seen this done using a small C program which runs SUID, does a chmod and
chgroup to the correct user and then writes the data. Is this a good idea..?
Another thought is that I could use procmail itself, eg send an encoded file to
the user with details in the body. This would get spotted by the .procmailrc
and update the local variables and then ditch the email without delivering...
Is there some way to make this safe without the risk of outsiders sending in
mail to the users with commands in the body...
Any other ideas? For example I had heard that IMAP might be used to update
files in the user's directory? (I am using Courier IMAP)
In all this we must assume non-technically literate users with a small patience
threshold. They will not be changing these variables very often so they will
have forgotten how to do it when they need to, hence web ideas are mostly
procmail mailing list
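
An added example, not part of the original post: one way to do the sanity check the post describes for a forwarding address kept in a web-server-writable file. The function name read_forward_addr and the idea of one value per file are assumptions made for illustration; it checks the shape of the address against an allow-list and is not a full RFC 5322 validator.

```shell
#!/bin/sh
# Hypothetical helper (added example): print the forwarding address stored
# in a file the web server may write, but only if it is a plain address.
# Any other content gives exit status 1, so the calling .procmailrc can
# skip forwarding and deliver normally instead.

read_forward_addr() {
    f=$1
    # Refuse symlinks and anything that is not a regular file: the web
    # server controls this path and must not be able to redirect the read.
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # A forwarding address is short; reject oversized files outright.
    [ "$(wc -c < "$f")" -le 255 ] || return 1
    # Command substitution strips trailing newlines only; an embedded
    # newline stays in $addr and is rejected by the allow-list below.
    addr=$(cat "$f") || return 1
    case $addr in
        ''|-*) return 1 ;;                 # empty, or would parse as an option
        *[!A-Za-z0-9._%+@-]*) return 1 ;;  # any character outside the allow-list
        *@*@*) return 1 ;;                 # more than one @
        ?*@?*.?*) ;;                       # local@domain.tld shape
        *) return 1 ;;
    esac
    printf '%s\n' "$addr"
}
```

A .procmailrc can capture the output with a backquoted assignment and forward only when the result is non-empty, so a tampered file results in ordinary local delivery.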