[tpop3d-discuss] Another MySQL question

[Chris Lightfoot]

On Sun, Sep 07, 2003 at 07:20:07PM +0200, Allan Joergensen wrote:
> On 07-Sep-2003, Chris Lightfoot wrote:
> 
> > > But it really defeats the purpose of using *SQL to hold the user
> > > information.
> > No. After all, the UID can be the same for all database
> > users. And using UIDs alone without recording them in
> 
> I have one uid per domain, having those in /etc/passwd is not really a
> problem since I host less than 10 domains. With many domains this may be
> a problem.
> 
> I use this as a security measure (but this may be a wrong approach)
> since it should be imposible for users in one domain to chdir into
> another domain's directories (this is when ftp'ing in).
> 
> I could find a few good reason why one should not do this (number of
> sql-lookups being one of them) so I'm open for suggestions :)

no, that's fine.

> > /etc/passwd strikes me as poor practice -- what happens if
> > somebody later creates a user with UID 5029 for some other
> > purpose?
> 
> On my hosting only box this is not a problem (both now and when I was
> working at an ISP).

well... it doesn't sound to me like a good idea. i don't
think creating the odd /etc/passwd line is too onerous.


-- 
When you do a good deed, get a receipt,
in case the afterlife is like the Inland Revenue.