We are writing a daemon that automatically adds and configures user accounts on our FBSD box. The idea is:
1) User signs up on web page; user signup is stored in DB
2) We will have a daemon running on our box that takes those signups and automatically runs adduser, makes a few default folders for them, etc. etc.
Current thinking is to make the daemon run as root. Now we sanitize the hell out of the user data that comes in, but the fact remains that we are still sending user-submitted data to a process running as root. That makes me feel uneasy.
Is there a better way to do this? I think our daemon has to run as root to be able to add users to the system, or am I missing something?
1) User signs up on web page; user signup is stored in DB
2) We will have a daemon running on our box that takes those signups and automatically runs adduser, makes a few default folders for them, etc. etc.
Current thinking is to make the daemon run as root. Now we sanitize the hell out of the user data that comes in, but the fact remains that we are still sending user-submitted data to a process running as root. That makes me feel uneasy.
Is there a better way to do this? I think our daemon has to run as root to be able to add users to the system, or am I missing something?