System Configuration APIs
All System Configuration APIs must be intrinsically distrustful of their calling functions. This prevents a potential malefactor from directly calling these programs while masquerading as coming from a valid user. Such a masquerade could be successful if the API did not verify the authenticity of the caller on its own.
This distrust is managed by creating a virtual domain within the webserver for the UMS. The virtual domain along with its libraries and system configuration APIs will run under a distinct set of user and group permissions.
The Password Change API is responsible to ensure that the username and old password successfully authenticate the user. Only if the user is verified in this way is the new password checked for hardness according to the system configuration (normally using the cracklib libraries), then using a suid program, this API effects the password change on the system.
The Mail Forwarding API authenticates the user and if authenticated, allows the user to review, change or set the contents of their home .forward file.
The Mail Filtering API can perform many functions. For the purpose of this application, it copies a system .procmailrc template file into the user’s home account, thus effecting spam control. Again, the API must authenticate the user before effecting these changes.
Reviewing Disk Quota
The Disk Quota API authenticates the user and once authenticated, returns the user’s current quota values for display back to the user via a CGI script.