47.17. About the Usermin Modules
Table 47.2 lists the modules that are included with Usermin 0.990 and provides a brief explanation of what each one does and how safe each is for untrusted users to have access. Not all modules are available on all operating systems due to the differences between the various varieties of UNIX.
| Module name | Purpose and risks |
|---|---|
| Apache Options Files | Allows users to edit Apache .htaccess files in any directory, assuming that UNIX permissions permit it. Its interface is very similar to the feature in Webmin's Apache Configuration module for editing these same files. Because any file (not just .htaccess files) can be edited, you should make sure that file permissions on your system are adequate before giving this module to users. |
| Change Language | Lets users change the language in which the Usermin interface is displayed. Quite harmless. |
| Change Password | Allows users to change their UNIX passwords, and possibly their Samba passwords as well. Because it uses the passwd PAM service or the passwd program, normal password length rules apply. Harmless as long as your system has been configured to enforce reasonable password restrictions. |
| Change Theme | Lets users change the theme that is used to render the Usermin interface when they log in. This module poses no risks at all. |
| Change User Details | This module lets users change their UNIX account details such as the real name, home phone, and office location. Users can also change their login shell, although this feature can be disabled. Relatively safe, as you can restrict the allowed shells to those from the /etc/shells file or some other. |
| Command Shell | This module is identical to Webmin's Command Shell module, except that commands are run as the logged-in Usermin user. Because any command can be run, you should not give this module to users whom you do not trust with SSH or telnet access. |
| Custom Commands | Lets users run commands defined in Webmin's Custom Commands module, but not create or edit their own. As long as your command scripts are well written, this module is safe. Remember that commands can be run as other UNIX users, not just the logged-in Usermin user. |
| Disk Quotas | This module lets users see their current block and file quotas and the number of each used. Totally harmless, as it only displays information. |
| Fetchmail Mail Retrieval | Using this module, users can edit their personal .fetchmailrc file to set up email downloads from other servers. It can also be used to start the Fetchmail daemon process to check for mail at regular intervals. Because Fetchmail can be configured to run an arbitrary commands before connecting to a mail server, this module should not be granted to anyone that you would not trust with SSH or telnet access. |
| File Manager | Lets users explore and edit the files and directories on your system, subject to normal UNIX permissions. This module has a similar interface to the Webmin File Manager module, but without the ability to configure file sharing. It can be configured to limit users to their home directories, which makes it reasonably safe. |
| GnuPG Encryption | This module can be used by people to set up GnuPG, manage keys, encrypt, decrypt, sign, and verify files. It is quite safe, although some of its features can be used to read files on your system—subject to normal UNIX permissions. |
| HTTP Tunnel | This module allows the system administrator to create an icon in Usermin that actually connects users to another web server. However, instead of just linking to some URL, all requests are tunnelled though Usermin, and so do not appear to come from the user's browser at all. From a security point of view, it is totally harmless. |
| Login Scripts | Allows users to edit their .profile, .login and .cshrc script files that are run when logging in via telnet, SSH, or at the console. If a user cannot log in, these files will never be run and thus the module is quite safe (but useless). If a user can log in, however, then he can run arbitrary commands anyway. |
| Mail Forwarding | This module lets users edit their .forward or .qmail files to set up mail forwarding for their addresses. It can be configured to prevent the use of programs or writing mail to arbitrary files, which makes it quite safe. |
| Mount Filesystems | On Linux systems, this module can be used to mount and unmount filesystems that have been set up in Webmin's Disk and Network Filesystems module to be mountable by users. Safe as long as you don't allow the mounting of potentially dangerous filesystems, such as ext2-formatted floppy disks containing setuid-root executables. |
| MySQL Database | This module uses an interface very similar to the Webmin module of the same name to let users log in to a MySQL server and manage tables and records. It can be configured to restrict which databases a user can see and edit, and of course normal MySQL permissions apply. This makes it quite safe. |
| Plan File | The .plan file in a user's home directory is displayed when someone uses the finger command to look up information on the user. This module is completely safe, but useless if the finger service is not enabled in inetd on your system. |
| Procmail Mail Filter | This module lets a user edit his .procmailrc file to configure how mail sent to his address is delivered. Its interface is identical to that of the Webmin module with the same name. Because Procmail can be set up to deliver email to an arbitrary program, this module should not be given to users who are not trusted with SSH or telnet login access. It is useless and harmless, however, if Procmail is not installed or set up on your system. See Chapter 45 for more details. |
| Read Mail | This is probably Usermin's most powerful module, as it is a complete mail reading and sending interface. It supports multiple folders or different types, an address book, sent mail and drafts files, and GnuPG encryption and verification of outgoing and incoming email. As long as users are not allowed to attach files on the server, it is perfectly safe. |
| Running Processes | Allows users to view and kill processes that they own on your system, as well as starting new ones. It is like the Webmin module of the same name, but runs with the privileges of the logged-in user instead of root. Users who are not allowed to have shell access should not be granted access to this module either. |
| SSH Configuration | Lets users configure their personal .ssh/config file and manage SSH keys. Because it only allows the editing of specific files, it is totally safe to give to users, but useless if they cannot log in with SSH. |
| SSH/Telnet Login | This module just displays a Java applet for connecting to your system via SSH or telnet. Because they must still log in as they would with any telnet client program, it is totally harmless. |
| Scheduled Commands | This module can be used to create and remove At jobs, which are shell commands to be run once at a certain date and time. It is similar to the Webmin module with the same name, but only allows the creation of jobs that run as the logged-in user. Because an At job can execute any command, it should not be given to users who are not trusted with shell access. |
| Scheduled Cron Jobs | Users can use this module to create, edit, delete, and run their own Cron jobs. Again, it should not be granted to users who do not have shell access, as it can be used to run any command. |
| System Documentation | This module is identical to Webmin's System Documentation module. Because it only allows the viewing of manual pages and other documentation files, it is quite safe—as long as no files exist in documentation directories that you don't want people to read! |
| Upload and Download | This module allows users to upload multiple files to their home directories on the Usermin server and to download multiple URLs to the Usermin system. It should not be granted to any user that you do not trust to write to files. |
You might be wondering what is so harmful about letting users run commands on your server. The reason is that many more security holes exist for UNIX systems that can give a normal user root privileges than those that allow some other system on the network to gain root access. Any user who can run a command can potentially exploit one of these holes, so it is better to avoid this where possible. Users who can run commands can also use up large amounts of memory, CPU time, or network traffic by starting resource-wasting processes, which can make your system nearly unusable.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.