Your Thoughts: Securing Custom Daemons

We are writing a daemon that automatically adds and configures user accounts on our FBSD box. The idea is:
1) User signs up on web page; user signup is stored in DB
2) We will have a daemon running on our box that takes those signups and automatically runs adduser, makes a few default folders for them, etc. etc.

Current thinking is to make the daemon run as root. Now we sanitize the hell out of the user data that comes in, but the fact remains that we are still sending user-submitted data to a process running as root. That makes me feel uneasy.

Is there a better way to do this? I think our daemon has to run as root to be able to add users to the system, or am I missing something?
 
As a general recommendation, if you haven't considered doing so already, I would put the whole application in a FreeBSD jail. In the worst case - i.e. your sanitization fails - you will likely be able to contain the nastiness to the jail (instead of overflowing to the entire system).
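A minimal jail.conf(5) entry of the kind the reply above has in mind, added here as an illustration and not taken from the thread. The jail name, paths, hostname and address are made up. Note that because the jail has its own root filesystem, pw(8) run inside it writes to the jail's own /etc/master.passwd and creates home directories under the jail's path, which is exactly why a failed sanitization stays contained there.

```conf
# Hypothetical /etc/jail.conf entry (example only; names and paths are invented).
signupd {
    # Root of the jail filesystem: the daemon, pw(8), /etc/master.passwd and
    # the home directories it creates all live under here, not on the host.
    path = "/jails/signupd";
    host.hostname = "signupd.example.org";
    ip4.addr = "127.0.0.2";

    # Start only the daemon, not a full rc(8) boot, so the jail contains
    # nothing that is not needed for this one job.
    exec.start = "/usr/local/sbin/signupd";
    exec.stop  = "/usr/bin/pkill -f /usr/local/sbin/signupd";
    mount.devfs;

    # Tighten what a compromised root inside the jail can still do.
    allow.raw_sockets = 0;
    allow.set_hostname = 0;
    allow.mount = 0;
    securelevel = 3;
    enforce_statfs = 2;
}
```

Start it with `service jail start signupd` (after enabling `jail_enable="YES"` in rc.conf) and confirm with `jls` that the only process inside is the daemon.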
 
dordal said:
2) We will have a daemon running on our box that takes those signups and automatically runs adduser, makes a few default folders for them, etc. etc.
Don't use adduser for this. Use pw(8). You can also make use of the /usr/share/skel/ directory.
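To make the "sanitize, then hand to root" step concrete, here is an added example (not code from the thread or from any poster) of how I would split the job: an unprivileged side that reads the signup row and extracts nothing but a strictly validated login name, and a root-side helper that re-validates and invokes pw(8) with an argv list, never through a shell, populating the home directory from /usr/share/skel as suggested above. The 16-character login limit and reserved-name list are my own conservative choices, and the `run`/`submit` parameters exist only so the logic can be exercised without root or FreeBSD.

```python
"""Added example: privilege-separated account creation around pw(8).

Assumptions (hypothetical): signups arrive as dicts from the web tier,
login names are limited to 16 characters (conservative; pw accepts longer),
and the root-side helper is reached only with a validated login name.
"""
import re
import subprocess
import sys
from typing import Optional

# Strict allowlist: a lowercase letter, then lowercase letters/digits, 3-16 chars.
# Input that does not match is rejected, never "cleaned up" into something else.
_LOGIN_RE = re.compile(r"^[a-z][a-z0-9]{2,15}$")
# Names an automated signup path must never create (assumed list).
_RESERVED = frozenset({"root", "toor", "daemon", "operator", "bin",
                       "www", "nobody", "admin"})


def validate_username(raw) -> Optional[str]:
    """Return the login name unchanged if acceptable, else None."""
    if not isinstance(raw, str) or not _LOGIN_RE.fullmatch(raw):
        return None
    if raw in _RESERVED:
        return None
    return raw


def pw_useradd_argv(login: str) -> list:
    """argv for pw(8). Passed to exec directly, so shell quoting is a non-issue.
    -m creates the home directory, -k copies the skeleton into it,
    -w no sets no password (your own flow sets it), -s picks the shell."""
    return ["/usr/sbin/pw", "useradd",
            "-n", login,
            "-m", "-k", "/usr/share/skel",
            "-w", "no",
            "-s", "/bin/sh"]


def create_account(login: str, run=subprocess.run) -> int:
    """Root-side helper: never trusts the unprivileged side, validates again,
    then runs pw with an argv list. Returns pw's exit status."""
    if validate_username(login) is None:
        raise ValueError("refusing invalid login name")
    result = run(pw_useradd_argv(login), check=False,
                 capture_output=True, text=True)
    return result.returncode


def process_signup(record: dict, submit=create_account) -> bool:
    """Unprivileged side: takes one DB row and hands the privileged helper
    only the validated login name, never the raw row."""
    login = validate_username(record.get("username", ""))
    if login is None:
        return False
    return submit(login) == 0


if __name__ == "__main__":
    # One-shot use from the command line; needs root on FreeBSD to succeed.
    name = validate_username(sys.argv[1] if len(sys.argv) > 1 else "")
    if name is None:
        sys.exit("invalid username")
    sys.exit(create_account(name))
```

In a real deployment the two halves live in separate processes: `process_signup` runs as an unprivileged user that can read the database, and `create_account` sits behind a local socket or pipe as the only code that runs as root. Because the login is allowlisted to start with a letter and is passed as a separate argv element after `-n`, it can neither be parsed as a pw option nor reach a shell.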
 
We do something like this for our shared hosting customers, and all user FTP, e-mail, Apache directory auth and subdomain accounts are stored in a MySQL database. No system file is edited at all, no shell access. All daemons are configured to do username/password lookup via the MySQL database. Also, we run all servers in jails on both Linux (VMs) and FreeBSD.
 