Menu
▾
▴
Re: how secure...
|
From: Marcos R. <we...@al...> - 2002-12-01 20:39:56
|
Aha... makes sense!... then... as a wish ;)... perhaps a more granular "Usermin Configuration access control options" ? right now it only allows for "Can edit module configuration?"! It would be nice to have something like which usermin modules could that webmin user configure, can add new modules, etc, etc ;) (in my case I would love to be able to give the "owner" or admin of one of the virtual servers the right to configure "read mail" in usermin, but as the acl is now, it is an all or nothing situation). thanks for webmin/usermin :) Cheers! Marcos On Fri, 29 Nov 2002, Jamie Cameron wrote: > Giving someone access to usermin is quite safe, as it doesn't allow them > to do anything that he couldn't do at the shell prompt. > > Giving a user access to webmin's Usermin Configuration module is not really > safe, as they could install their own usermin module which allows the execution > of arbitrary commands as root .. > > - Jamie > > Marcos Rubinstein <we...@al...> wrote .. > > Sorry!!!!! I meant: usermin.. not webmin :)!!!! > > > > I know about webmin... of course they don't have full access to the webmin > > configuration module!!!! > > > > then.. the question is: how secure is to give an admin (as described in > > the original mail) access to the Usermin config module! > > > > sorry!!!!! > > > > notes for marcos: > > lesson 1: never ask a question when you're tired > > lesson 2: if you do, at least re-read your email before sending it ;) > > ;) > > > > > > On Thu, 28 Nov 2002, Jamie Cameron wrote: > > > > > Marcos Rubinstein wrote: > > > > how secure is to give the admins of the "virtual servers" access to > > webmin > > > > configuration? .... the virtual servers I'm talking about are > > > > freeVDS/openVDS... a chrt situation (and more ;)... where is important > > > > that the admin has no way to change certain files in the /etc/ directory.. > > > > or run programs as root that could give him/her control of that area > > (or > > > > of the /proc/ directory). > > > > > > As secure as giving them root access, unless webmin has been configured > > to > > > restrict what they can do with it. Plenty of webmin modules allow the > > user to > > > run commands as root (such as Command Shell) or access all files as root > > > (such as the File Manager). > > > > > > - Jamie > > > > > > > > > > > > ------------------------------------------------------- > > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > > handheld. Power & Color in a compact size! > > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > > - > > > Forwarded by the Webmin mailing list at web...@li... > > > To remove yourself from this list, go to > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > handheld. Power & Color in a compact size! > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > - Jamie > |