From: Joe C. <jo...@sw...> - 2001-02-09 05:46:14

Hey folks,

What are the gotchas I should look out for when setting up an online (completely accessible to the internet) Webmin? I don't think Webmin ACLs even begin to address the security issues with this plan...so I'm going to go to much greater lengths to ensure that no damage can be done by Webmin.

My plan is to only include a few specific modules, which will be hardcoded to edit fake configuration files--possibly new randomly named ones for every user. I've even considered running a new instance of Webmin for each user, in a tmp directory, on a randomly selected port from a pool for directories...this addresses the problem of locking and multiple users playing with the same configuration options at the same time.

Obviously, I don't want to run it as root, so what do I need to modify to run it as a thoroughly unprivileged user? I'm thinking I will create a chrooted environment for a "webmin-demo" user account with no permissions other than reading and writing to the new and fake environment.

Anyone done something like this? Are there any examples of Webmins that have been modified for demonstration use? Anyone have ideas for how this might be implemented simply, elegantly, and in 25 lines of Perl? ;-)

I've only begun thinking about this, so I'm not committed to any one plan of attack. I welcome any and all pointers.

Thanks!

--
Joe Cooper <jo...@sw...>
Affordable Web Caching Proxy Appliances
http://www.swelltech.com