Introduction to Webmin users, groups and permissions

A standard, out-of-the-box Webmin installation has only one user (called root or admin) who can use every feature of every module. On a home or office system used by just one person, that is all you need. Even if your system has multiple users, there may be only one who needs to perform system administration tasks.

However, there are many situations in which the administrator may want to give some people access to a subset of Webmin's features. For example, you may have a person in your organization whose job it is to create and edit DNS zones and records. On a normal Unix system, this person would have to be given root access so that he can edit the zone files and restart the DNS server when necessary. Unfortunately, once someone is able to log in as root he has full control of the system and can do whatever he wants.

Webmin solves this kind of problem by allowing you to create additional users who can log in, but only access a few modules. You can further restrict what the user can do within each module, so that he cannot abuse its features to perform actions that he is not supposed to. Because Webmin still runs with full root privileges even when used by a restricted user, it still has access to all the configuration files and commands that it needs.

Some examples of the kind of access control restrictions that you can set up are:

- Creating a user with the right to edit directives in only a few Apache virtual servers that he owns. Global settings or directives in other virtual hosts cannot be edited.
- Giving a user the rights to edit and create Unix users with UIDs within a certain range and with home directories under a restricted directory. Important system users such as root or bin cannot be edited or even viewed.
- Allowing a user access to only one MySQL database, but not to other databases or user permissions. Similar access control can be set up for PostgreSQL.
- Giving a user access to the Squid access control list, but not to other functions. The user could be allowed to apply his configuration changes, but not to start or stop the proxy server.
- Creating custom commands and then giving a user the rights to run only some of them, but not create or edit any.
- Allowing a user to view and cancel print jobs in the Printer Administration module, but not edit or create actual printers.

Many of these rights would be impossible to grant using command-line tools without giving root access to the entire system. Even programs like sudo are limited when it comes to allowing a user to edit only part of a file, or run a command with only certain arguments.

You must be very careful when granting access to untrusted Webmin users though, as even a small mistake in the access control configuration may allow the user to edit arbitrary files on your system or run commands as root. All it takes is a small hole for an attacker to sneak through and take total control of your system. Webmin's access control capabilities give you the power to lock down users, but only if used properly.

Even though it is possible to create a user with access to only his own email, home directory and password, Webmin is not always the best way to provide this kind of single-user web interface. A superior program is Usermin, which was developed by the same author and shares much of the Webmin code and user interface.
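The warning that a small mistake in the access control configuration can hand a restricted user root-level power can be checked for mechanically. The following is an added example, not part of the original page or of Webmin itself: it parses text in the `user: module module ...` layout of Webmin's `webmin.acl` file and lists non-admin users who hold modules whose normal function is root-equivalent. The module set, the admin account names and the sample input are assumptions chosen for illustration.

```python
# Added example: audit of Webmin per-user module grants.
# Assumption: the ACL text has one "user: module module ..." line per user.
# The set below is an illustrative, non-exhaustive choice of modules whose
# normal function is root-equivalent (commands, file edits, scheduled jobs).
ROOT_EQUIVALENT = {"shell", "filemin", "file", "cron", "at", "init", "proc",
                   "custom", "acl", "webmin", "useradmin", "software"}
FULL_ADMINS = {"root", "admin"}  # the default full-access accounts


def parse_acl(text):
    """Return {user: set(modules)} from webmin.acl-style text."""
    grants = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, modules = line.partition(":")
        grants[user.strip()] = set(modules.split())
    return grants


def risky_grants(grants, admins=FULL_ADMINS):
    """Return {user: sorted risky modules} for users outside the admin set."""
    findings = {}
    for user, modules in grants.items():
        if user in admins:
            continue
        hits = sorted(modules & ROOT_EQUIVALENT)
        if hits:
            findings[user] = hits
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE_ACL = """\
root: acl apache bind8 cron custom filemin init mysql shell squid useradmin webmin
dnsadmin: bind8
webdev: apache filemin
dba: mysql postgresql
ops: squid custom cron
"""

if __name__ == "__main__":
    for user, mods in sorted(risky_grants(parse_acl(SAMPLE_ACL)).items()):
        print(f"{user}: review grants for {', '.join(mods)}")
```

A hit does not by itself mean the grant is wrong: it marks the users whose per-module restrictions need to be reviewed, since those restrictions are the only thing separating them from full control.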