[tpop3d-discuss] Another MySQL question

Allan Joergensen allan at nowhere.dk
Sun, 7 Sep 2003 19:20:07 +0200


On 07-Sep-2003, Chris Lightfoot wrote:

> > But it really defeats the purpose of using *SQL to hold the user
> > information.
> No. After all, the UID can be the same for all database
> users. And using UIDs alone without recording them in

I have one uid per domain, having those in /etc/passwd is not really a
problem since I host less than 10 domains. With many domains this may be
a problem.

I use this as a security measure (but this may be a wrong approach)
since it should be imposible for users in one domain to chdir into
another domain's directories (this is when ftp'ing in).

I could find a few good reason why one should not do this (number of
sql-lookups being one of them) so I'm open for suggestions :)

> /etc/passwd strikes me as poor practice -- what happens if
> somebody later creates a user with UID 5029 for some other
> purpose?

On my hosting only box this is not a problem (both now and when I was
working at an ISP).

-- 
Allan Joergensen

"You will die for this!" MacLeod