From: Jamie C. <jca...@we...> - 2002-11-28 22:13:02
|
Giving someone access to usermin is quite safe, as it doesn't allow them to do anything that he couldn't do at the shell prompt. Giving a user access to webmin's Usermin Configuration module is not really safe, as they could install their own usermin module which allows the execution of arbitrary commands as root .. - Jamie Marcos Rubinstein <we...@al...> wrote .. > Sorry!!!!! I meant: usermin.. not webmin :)!!!! > > I know about webmin... of course they don't have full access to the webmin > configuration module!!!! > > then.. the question is: how secure is to give an admin (as described in > the original mail) access to the Usermin config module! > > sorry!!!!! > > notes for marcos: > lesson 1: never ask a question when you're tired > lesson 2: if you do, at least re-read your email before sending it ;) > ;) > > > On Thu, 28 Nov 2002, Jamie Cameron wrote: > > > Marcos Rubinstein wrote: > > > how secure is to give the admins of the "virtual servers" access to > webmin > > > configuration? .... the virtual servers I'm talking about are > > > freeVDS/openVDS... a chrt situation (and more ;)... where is important > > > that the admin has no way to change certain files in the /etc/ directory.. > > > or run programs as root that could give him/her control of that area > (or > > > of the /proc/ directory). > > > > As secure as giving them root access, unless webmin has been configured > to > > restrict what they can do with it. Plenty of webmin modules allow the > user to > > run commands as root (such as Command Shell) or access all files as root > > (such as the File Manager). > > > > - Jamie > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Get the new Palm Tungsten T > > handheld. Power & Color in a compact size! > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Get the new Palm Tungsten T > handheld. Power & Color in a compact size! > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list - Jamie |