From: Jamie C. <jca...@we...> - 2002-11-28 22:13:02
|
Giving someone access to usermin is quite safe, as it doesn't allow them to do anything that he couldn't do at the shell prompt. Giving a user access to webmin's Usermin Configuration module is not really safe, as they could install their own usermin module which allows the execution of arbitrary commands as root .. - Jamie Marcos Rubinstein <we...@al...> wrote .. > Sorry!!!!! I meant: usermin.. not webmin :)!!!! > > I know about webmin... of course they don't have full access to the webmin > configuration module!!!! > > then.. the question is: how secure is to give an admin (as described in > the original mail) access to the Usermin config module! > > sorry!!!!! > > notes for marcos: > lesson 1: never ask a question when you're tired > lesson 2: if you do, at least re-read your email before sending it ;) > ;) > > > On Thu, 28 Nov 2002, Jamie Cameron wrote: > > > Marcos Rubinstein wrote: > > > how secure is to give the admins of the "virtual servers" access to > webmin > > > configuration? .... the virtual servers I'm talking about are > > > freeVDS/openVDS... a chrt situation (and more ;)... where is important > > > that the admin has no way to change certain files in the /etc/ directory.. > > > or run programs as root that could give him/her control of that area > (or > > > of the /proc/ directory). > > > > As secure as giving them root access, unless webmin has been configured > to > > restrict what they can do with it. Plenty of webmin modules allow the > user to > > run commands as root (such as Command Shell) or access all files as root > > (such as the File Manager). > > > > - Jamie > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > handheld. Power & Color in a compact size! > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Get the new Palm Tungsten T > handheld. Power & Color in a compact size! > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list - Jamie |
From: Marcos R. <we...@al...> - 2002-12-01 20:39:56
|
Aha... makes sense!... then... as a wish ;)... perhaps a more granular "Usermin Configuration access control options" ? right now it only allows for "Can edit module configuration?"! It would be nice to have something like which usermin modules could that webmin user configure, can add new modules, etc, etc ;) (in my case I would love to be able to give the "owner" or admin of one of the virtual servers the right to configure "read mail" in usermin, but as the acl is now, it is an all or nothing situation). thanks for webmin/usermin :) Cheers! Marcos On Fri, 29 Nov 2002, Jamie Cameron wrote: > Giving someone access to usermin is quite safe, as it doesn't allow them > to do anything that he couldn't do at the shell prompt. > > Giving a user access to webmin's Usermin Configuration module is not really > safe, as they could install their own usermin module which allows the execution > of arbitrary commands as root .. > > - Jamie > > Marcos Rubinstein <we...@al...> wrote .. > > Sorry!!!!! I meant: usermin.. not webmin :)!!!! > > > > I know about webmin... of course they don't have full access to the webmin > > configuration module!!!! > > > > then.. the question is: how secure is to give an admin (as described in > > the original mail) access to the Usermin config module! > > > > sorry!!!!! > > > > notes for marcos: > > lesson 1: never ask a question when you're tired > > lesson 2: if you do, at least re-read your email before sending it ;) > > ;) > > > > > > On Thu, 28 Nov 2002, Jamie Cameron wrote: > > > > > Marcos Rubinstein wrote: > > > > how secure is to give the admins of the "virtual servers" access to > > webmin > > > > configuration? .... the virtual servers I'm talking about are > > > > freeVDS/openVDS... a chrt situation (and more ;)... where is important > > > > that the admin has no way to change certain files in the /etc/ directory.. > > > > or run programs as root that could give him/her control of that area > > (or > > > > of the /proc/ directory). > > > > > > As secure as giving them root access, unless webmin has been configured > > to > > > restrict what they can do with it. Plenty of webmin modules allow the > > user to > > > run commands as root (such as Command Shell) or access all files as root > > > (such as the File Manager). > > > > > > - Jamie > > > > > > > > > > > > ------------------------------------------------------- > > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > > handheld. Power & Color in a compact size! > > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > > - > > > Forwarded by the Webmin mailing list at web...@li... > > > To remove yourself from this list, go to > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > handheld. Power & Color in a compact size! > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > - Jamie > |
From: Jamie C. <jca...@we...> - 2002-12-01 22:09:42
|
That sounds like quite a useful feature .. I will add it to the next webmin release. - Jamie Marcos Rubinstein wrote: > Aha... makes sense!... > > then... as a wish ;)... perhaps a more granular "Usermin Configuration > access control options" ? right now it only allows for "Can edit module > configuration?"! > > It would be nice to have something like which usermin modules could that > webmin user configure, can add new modules, etc, etc ;) (in my case I > would love to be able to give the "owner" or admin of one of the virtual > servers the right to configure "read mail" in usermin, but as the acl is > now, it is an all or nothing situation). > > thanks for webmin/usermin :) > > Cheers! > Marcos > > > On Fri, 29 Nov 2002, Jamie Cameron wrote: > > >>Giving someone access to usermin is quite safe, as it doesn't allow them >>to do anything that he couldn't do at the shell prompt. >> >>Giving a user access to webmin's Usermin Configuration module is not really >>safe, as they could install their own usermin module which allows the execution >>of arbitrary commands as root .. >> >> - Jamie >> >>Marcos Rubinstein <we...@al...> wrote .. >> >>>Sorry!!!!! I meant: usermin.. not webmin :)!!!! >>> >>>I know about webmin... of course they don't have full access to the webmin >>>configuration module!!!! >>> >>>then.. the question is: how secure is to give an admin (as described in >>>the original mail) access to the Usermin config module! >>> >>>sorry!!!!! >>> >>>notes for marcos: >>>lesson 1: never ask a question when you're tired >>>lesson 2: if you do, at least re-read your email before sending it ;) >>>;) >>> >>> >>>On Thu, 28 Nov 2002, Jamie Cameron wrote: >>> >>> >>>>Marcos Rubinstein wrote: >>>> >>>>>how secure is to give the admins of the "virtual servers" access to >>>> >>>webmin >>> >>>>>configuration? .... the virtual servers I'm talking about are >>>>>freeVDS/openVDS... a chrt situation (and more ;)... where is important >>>>>that the admin has no way to change certain files in the /etc/ directory.. >>>>>or run programs as root that could give him/her control of that area >>>> >>>(or >>> >>>>>of the /proc/ directory). >>>> >>>>As secure as giving them root access, unless webmin has been configured >>> >>>to >>> >>>>restrict what they can do with it. Plenty of webmin modules allow the >>> >>>user to >>> >>>>run commands as root (such as Command Shell) or access all files as root >>>>(such as the File Manager). >>>> >>>> - Jamie |
From: Bill J. <bi...@ib...> - 2002-12-01 22:27:38
|
Jamie, Do you have a "wish list" somewhere (IE DVD's, Books, etc...). I was briefly looking around the web site and did not see one. Christmas is coming and Webmin/Usermin is such a great tool and since you do all of the hard work, I was thinking about sending you something from a wish list and since I include it in every Linux Deployment I do, yada yada yada.... My guess is most people on this list would agree with me on this. Just a thought Bill |
From: Jamie C. <jca...@we...> - 2002-12-02 22:46:29
|
Bill James wrote: > Jamie, > > Do you have a "wish list" somewhere (IE DVD's, Books, etc...). I was > briefly looking around the web site and did not see one. Christmas is coming > and Webmin/Usermin is such a great tool and since you do all of the hard > work, I was thinking about sending you something from a wish list and since > I include it in every Linux Deployment I do, yada yada yada.... > > My guess is most people on this list would agree with me on this. That would be much appreciated .. I've noticed that a few other open-source developers do the same thing, so I've put up a wishlist at http://www.webmin.com/wishlist.html Or you can just send some money via paypal to jca...@we... :) - Jamie |
From: Bill J. <bi...@ib...> - 2002-12-02 23:36:01
|
Jamie, I just ordered these for you a.. Speaker for the Dead, Orson Scott Card a.. Xenocide, Orson Scott Card a.. Children of the Mind, Orson Scott Card a.. SSH, The Secure Shell: The Definitive Guide, Daniel J. Barrett and Richard Silverman Merry Christmas and great work on Webmin/Usermin ----- Original Message ----- From: "Jamie Cameron" <jca...@we...> To: <web...@li...> Sent: Monday, December 02, 2002 5:46 PM Subject: Re: Wish List ??? > Bill James wrote: > > Jamie, > > > > Do you have a "wish list" somewhere (IE DVD's, Books, etc...). I was > > briefly looking around the web site and did not see one. Christmas is coming > > and Webmin/Usermin is such a great tool and since you do all of the hard > > work, I was thinking about sending you something from a wish list and since > > I include it in every Linux Deployment I do, yada yada yada.... > > > > My guess is most people on this list would agree with me on this. > > That would be much appreciated .. I've noticed that a few other open-source > developers do the same thing, so I've put up a wishlist at > http://www.webmin.com/wishlist.html > > Or you can just send some money via paypal to jca...@we... :) > > - Jamie > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Get the new Palm Tungsten T > handheld. Power & Color in a compact size! > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: Jamie C. <jca...@we...> - 2002-12-03 02:16:57
|
Thanks! I will have to think of some new books now .. I didn't think the list would be fulfilled so quickly :) - Jamie Bill James wrote: > Jamie, > > I just ordered these for you > > a.. Speaker for the Dead, Orson Scott Card > > a.. Xenocide, Orson Scott Card > > a.. Children of the Mind, Orson Scott Card > > a.. SSH, The Secure Shell: The Definitive Guide, Daniel J. Barrett and > Richard Silverman > > Merry Christmas and great work on Webmin/Usermin > ----- Original Message ----- > From: "Jamie Cameron" <jca...@we...> > To: <web...@li...> > Sent: Monday, December 02, 2002 5:46 PM > Subject: Re: Wish List ??? > > > >>Bill James wrote: >> >>>Jamie, >>> >>> Do you have a "wish list" somewhere (IE DVD's, Books, etc...). I was >>>briefly looking around the web site and did not see one. Christmas is >> > coming > >>>and Webmin/Usermin is such a great tool and since you do all of the hard >>>work, I was thinking about sending you something from a wish list and >> > since > >>>I include it in every Linux Deployment I do, yada yada yada.... >>> >>> My guess is most people on this list would agree with me on this. >> >>That would be much appreciated .. I've noticed that a few other > > open-source > >>developers do the same thing, so I've put up a wishlist at >>http://www.webmin.com/wishlist.html >> >>Or you can just send some money via paypal to jca...@we... :) >> >> - Jamie >> >> >> >> >> >>------------------------------------------------------- >>This SF.net email is sponsored by: Get the new Palm Tungsten T >>handheld. Power & Color in a compact size! >>http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en >>- >>Forwarded by the Webmin mailing list at > > web...@li... > >>To remove yourself from this list, go to >>http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Get the new Palm Tungsten T > handheld. Power & Color in a compact size! > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > |
From: Bill J. <bi...@ib...> - 2002-12-03 02:23:53
|
NP...The price for these was more than reasonable. Maybe someone will send cash... ----- Original Message ----- From: "Jamie Cameron" <jca...@we...> To: <web...@li...> Sent: Monday, December 02, 2002 9:16 PM Subject: Re: Wish List ??? > Thanks! I will have to think of some new books now .. I didn't > think the list would be fulfilled so quickly :) > > - Jamie > > Bill James wrote: > > Jamie, > > > > I just ordered these for you > > > > a.. Speaker for the Dead, Orson Scott Card > > > > a.. Xenocide, Orson Scott Card > > > > a.. Children of the Mind, Orson Scott Card > > > > a.. SSH, The Secure Shell: The Definitive Guide, Daniel J. Barrett and > > Richard Silverman > > > > Merry Christmas and great work on Webmin/Usermin > > ----- Original Message ----- > > From: "Jamie Cameron" <jca...@we...> > > To: <web...@li...> > > Sent: Monday, December 02, 2002 5:46 PM > > Subject: Re: Wish List ??? > > > > > > > >>Bill James wrote: > >> > >>>Jamie, > >>> > >>> Do you have a "wish list" somewhere (IE DVD's, Books, etc...). I was > >>>briefly looking around the web site and did not see one. Christmas is > >> > > coming > > > >>>and Webmin/Usermin is such a great tool and since you do all of the hard > >>>work, I was thinking about sending you something from a wish list and > >> > > since > > > >>>I include it in every Linux Deployment I do, yada yada yada.... > >>> > >>> My guess is most people on this list would agree with me on this. > >> > >>That would be much appreciated .. I've noticed that a few other > > > > open-source > > > >>developers do the same thing, so I've put up a wishlist at > >>http://www.webmin.com/wishlist.html > >> > >>Or you can just send some money via paypal to jca...@we... :) > >> > >> - Jamie > >> > >> > >> > >> > >> > >>------------------------------------------------------- > >>This SF.net email is sponsored by: Get the new Palm Tungsten T > >>handheld. Power & Color in a compact size! > >>http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > >>- > >>Forwarded by the Webmin mailing list at > > > > web...@li... > > > >>To remove yourself from this list, go to > >>http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > handheld. Power & Color in a compact size! > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Get the new Palm Tungsten T > handheld. Power & Color in a compact size! > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |