From: Philippe B. <bar...@ag...> - 2001-02-09 08:31:59
Answering myself. Sorry about my post, next time I'll read the post entirely...

On Fri, Feb 09, 2001 at 08:54:35AM +0100, Philippe BARNETCHE wrote:
> Hi,
>
> I would chroot the webmin instance.
>
> my 2 cents
>
> On Thu, Feb 08, 2001 at 11:53:57PM -0600, Joe Cooper wrote:
> > Hey folks,
> >
> > What are the gotchas I should look out for when setting up an online
> > (completely accessible to the internet) Webmin? I don't think Webmin
> > ACLs even begin to address the security issues with this plan...so I'm
> > going to go to much greater lengths to insure that no damage can be done
> > by Webmin.
> >
> > My plan is to only include a few specific modules, which will be
> > hardcoded to edit fake configuration files--possibly new randomly named
> > ones for every user. I've even considered running a new instance of
> > Webmin for each user, in a tmp directory, on a randomly selected port
> > from a pool for directories...this addresses the problem of locking and
> > multiple users playing with the same configuration options at the same time.
> >
> > Obviously, I don't want to run it as root, so what do I need to modify
> > to run it as a thoroughly unprivileged user? I'm thinking I will
> > create a chrooted environment for a "webmin-demo" user account with no
> > permissions other than reading and writing to the new and fake environment.
> >
> > Anyone done something like this? Are there any examples of Webmins that
> > have been modified for demonstration use?
> >
> > Anyone have ideas for how this might be implemented simply, elegantly,
> > and in 25 lines of perl? ;-)
> >
> > I've only begun thinking about this, so I'm not committed to any one
> > plan of attack. I welcome any and all pointers.
> >
> > Thanks!
> > --
> > Joe Cooper <jo...@sw...>
> > Affordable Web Caching Proxy Appliances
> > http://www.swelltech.com
> >
> >
> > -
> > Forwarded by the Webmin development list at web...@we...
> > To remove yourself from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-devel
> >
> >
>
> --
> Philippe BARNETCHE
>
> AGISphere
> 14, Boulevard Vital Bouhot
> 92200 NEUILLY/SEINE
> 01 47 45 99 92
> 06 10 01 68 11
>
> "He who sacrifices functionality for ease of use
> loses both and deserves neither."
>
> -
> Forwarded by the Webmin development list at web...@we...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-devel
>
>

--
Philippe BARNETCHE

AGISphere
14, Boulevard Vital Bouhot
92200 NEUILLY/SEINE
01 47 45 99 92
06 10 01 68 11

"He who sacrifices functionality for ease of use
loses both and deserves neither."