Nattyman
04-29-2004, 03:48 PM
I want to create a web interface that my users can use to change their ".spamassassin/user_prefs" file. I want to write it in Perl (because that is what I know) and I want it to be secure (obviously).
Here are the problems I am running into. First I want only that user to be able to edit their user_prefs file. That means that the permissions have to be left at the default 644 and the owner needs to be that user. My idea was to authenticate that user against the /etc/shadow file but of course a web user doesn't have access to that file (for good reason).
I have seen other programs that do this so I know it can be done, but I didn't like them mostly because they weren't written in Perl and therefore I would have trouble modifying them.
Is there a way that I can authenticate the user? Or am I going about this the wrong way and there is a better way to do it? The easy way would be to change the file permissions to 666 but that leaves them open for tampering and the possibility that people won't get their mail.
Or if anyone knows of a program written in Perl that already does this I could settle for that.
Thanks for any help,
Heath
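
An added example, not part of the original post or of any existing program: a Perl sketch of the permission side of the problem described above. It checks that user_prefs is a regular file owned by the expected uid and not group- or world-writable (644 rather than 666), then replaces it atomically. The sub names `audit_prefs` and `write_prefs` are hypothetical, the file contents are constructed, and the code assumes it already runs as the file's owner; authenticating the web user is not covered.

```perl
#!/usr/bin/perl
# Added example: keep user_prefs at 0644, owned by its user, and replace it atomically.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile tempdir);
use File::Basename qw(dirname);

# Return a list of problems with the prefs file; an empty list means it is safe to edit.
sub audit_prefs {
    my ($path, $uid) = @_;
    my @st = lstat($path) or return ("cannot stat $path: $!");
    my @problems;
    push @problems, "not a regular file (symlink or other)" unless S_ISREG($st[2]);
    push @problems, "owner uid $st[4] is not $uid"          unless $st[4] == $uid;
    push @problems, sprintf("mode %04o is group/world writable", $st[2] & 07777)
        if $st[2] & (S_IWGRP | S_IWOTH);
    return @problems;
}

# Write new contents to a temp file in the same directory, then rename over the original.
sub write_prefs {
    my ($path, $content) = @_;
    my ($fh, $tmp) = tempfile('user_prefs.XXXXXX', DIR => dirname($path));
    print {$fh} $content or die "write $tmp: $!";
    close($fh)           or die "close $tmp: $!";
    chmod(0644, $tmp)    or die "chmod $tmp: $!";
    rename($tmp, $path)  or die "rename $tmp -> $path: $!";
    return 1;
}

# Constructed demo in a scratch directory (no real home directory is touched).
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/user_prefs";
open(my $out, '>', $path) or die "open $path: $!";
print {$out} "required_score 5.0\n";      # constructed sample content
close($out);

chmod(0666, $path);                       # the "easy way" from the post
print "0666: $_\n" for audit_prefs($path, $>);

chmod(0644, $path);                       # the default the post wants to keep
my @problems = audit_prefs($path, $>);
write_prefs($path, "required_score 4.0\n") unless @problems;
printf "0644: %d problems, mode now %04o\n", scalar(@problems), (stat($path))[2] & 07777;
```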