29.21. Module Access Control

As Chapter 52 explains, you can use the Webmin Users module to give a user limited access to some modules. In the case of the Apache Webserver module, a Webmin user or group can be restricted so that he can only edit a subset of the available virtual servers. This can be very useful in a virtual hosting environment in which you want to give people the right to edit the settings for their own servers, but not those belonging to everyone else.

It is also possible to restrict which pages in the module the user is allowed to edit, as some of them allow the setting of directives that could be used to subvert security on your system. For example, you would not want a user to be able to change the user and group that the CGI programs on his virtual server run as.

To set up the Apache module for a user so that he can only edit a few virtual servers, follow these steps:

1. In the Webmin Users module, click on Apache Web server next to the name of a user who has been granted access to the module.

2. Change the Can edit module configuration? field to No so that he cannot change the paths that the module uses for the web server configuration files.

3. For the Virtual servers this user can edit field, choose the Selected option and select those servers that he should be allowed to manage from the list provided. It is generally a bad idea to allow an untrusted user to edit the default server, as its configuration affects all other virtual servers.

4. Change the Can edit global options? field to No so that he cannot change settings like the ports and addresses that Apache listens on.

5. Change the Can create virtual servers? field to No so that he is not allowed to add new virtual hosts.

6. To stop him from changing the user and group that CGI programs run as, set the Can change virtual server users? field to No. This only really matters if you have suexec installed, as explained in Section 29.8 “Running CGI Programs”.

7. Unless you want him to be able to change the address and port on which the virtual server accepts requests, set the Can change virtual server addresses? field to No. If they are changed, they could interfere with other virtual servers.

8. If the Can pipe logs to programs? field is set to Yes, he will be able to configure the virtual server to log to a command that will be run as the user that Apache normally runs as (usually httpd). This may be a security risk on your system, so it is usually a good idea to set this field to No.

9. Change the Can start and stop Apache? field to No. He will be able to apply changes but not shut down the entire web server.

10. The Limit files to directory field controls where he can configure the server to write its log files to. Allowing them to be written anywhere may allow him to overwrite files, so it is best to set this to something under his home or document root directory, such as /home/jcameron/logs.

11. The Directive types available field determines what icons appear in the virtual server options page, and therefore what kinds of directives he is allowed to edit. If you choose All, then all of the icons will be visible, along with the Show Directives and Edit Directives icons for manually editing the configuration files. If you choose Selected instead, only those pages chosen from the list provided will be visible and the manual editing icons will not.

    It is usually a good idea to deny access to the user and group and log files pages, and always good to prevent inexperienced users from editing the configuration files manually. An error in the httpd.conf file might cause the entire web server to stop working the next time it is restarted.

12. Finally, click the Save button at the bottom of the page. The restrictions will be applied to the user or group immediately.

You should be aware that these restrictions will not stop a truly malicious user from causing problems with your Apache configuration. It is quite possible to use the forms to introduce intentional syntax errors into the configuration files, which could interfere with the proper working of the web server. Fortunately, you can always track who has done what using the Webmin Actions Log module, covered in Chapter 54.
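The following is an added example, not code from the book or from Webmin: a Python check that reads Apache configuration text and reports, for one delegated virtual server, the settings that steps 6, 8 and 10 are meant to keep out of a user's hands (identity directives, piped logs, and log files outside the permitted directory). The function names, the /etc/httpd server root, and the sample configuration are assumptions constructed for illustration.

```python
import posixpath
import re
import shlex

LOG_DIRECTIVES = {"errorlog", "transferlog", "customlog"}   # first arg is the destination
IDENTITY_DIRECTIVES = {"user", "group", "suexecusergroup"}  # change who CGI programs run as

def vhost_blocks(config_text):
    """Yield one list of (line_no, directive, args) per <VirtualHost> block."""
    block = None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            block = []
        elif re.match(r"</VirtualHost>", line, re.I):
            if block is not None:
                yield block
            block = None
        elif block is not None and not line.startswith("<"):
            parts = line.split(None, 1)
            args = shlex.split(parts[1]) if len(parts) > 1 else []
            block.append((no, parts[0].lower(), args))

def audit(config_text, server_name, allowed_dir, server_root="/etc/httpd"):
    """Return (line_no, finding) pairs for the virtual server named server_name."""
    allowed = posixpath.normpath(allowed_dir)   # must be an absolute path
    findings = []
    for block in vhost_blocks(config_text):
        if not any(n == "servername" and a[:1] == [server_name] for _, n, a in block):
            continue
        for no, name, args in block:
            if name in IDENTITY_DIRECTIVES:
                findings.append((no, "identity"))
            elif name in LOG_DIRECTIVES and args:
                if args[0].startswith("|"):      # Apache runs this as a program
                    findings.append((no, "piped-log"))
                    continue
                # Relative log paths are resolved against ServerRoot. This is a
                # lexical check: ".." is collapsed, symlinks are not followed.
                path = posixpath.normpath(posixpath.join(server_root, args[0]))
                if posixpath.commonpath([allowed, path]) != allowed:
                    findings.append((no, "log-outside-dir"))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /home/jcameron/www
    SuexecUserGroup otheruser othergroup
    ErrorLog /home/jcameron/logs/error_log
    CustomLog "|/usr/local/bin/logfilter" combined
    TransferLog /home/jcameron/logs/../../other/access_log
</VirtualHost>
<VirtualHost *:80>
    ServerName other.example.com
    ErrorLog logs/other_error_log
</VirtualHost>
"""
```

Run against the live configuration after a delegated user has made changes, any finding points to a line worth comparing with that user's entries in the Webmin Actions Log.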
