39.7. Module Access Control

As Chapter 52 explains, you can create a Webmin user or group that has access to only a limited subset of the features of most modules. In the case of the Webalizer module, you can grant a user the rights to edit options for and generate reports from only some of the logs on your system. This can be useful if your system hosts multiple Apache virtual servers, each owned by a different person. As long as each server has its own separate log file, you can give a Webmin user the rights to manage both a virtual server and its log report.

Once a user has been given access to the module, you can use the following steps to limit him to only some of the log files on your system:

1.
In the Webmin Users module, click on Webalizer Logfile Analysis next to the name of the user. This will bring up the standard module access control form.

2.
Change the Can edit module configuration? field to No so he cannot modify the paths to Webalizer or its global configuration file.

3.
Leave Can only view existing reports? set to No so the user can edit the options for reports on log files that he owns.

4.
Set Can edit global webalizer options? to No to prevent the user editing options that may apply to other people's logs.

5.
In the Run Webalizer as user field, select the last radio button and enter the name of the UNIX user as whom this Webmin user normally logs in. This will stop him from setting up reports that are generated as root, which could be a serious security risk, as it would allow system files and those belonging to other people to be overwritten.

6.
In the Only allow viewing and editing of reports for logs under field, enter either the full path to a log file (like /var/log/httpd/example.com.log) or a directory that has log files under it (such as /home/example.com/logs). The module will hide any automatically discovered logs outside that directory so that the user cannot set up reports for other people's websites.

7.
Hit the Save button to activate the new restrictions.

Once a user has been restricted in this way, he will be able to use the module to set up reporting for only those log files in the directory set in Step 6. Reports will only be generated as the UNIX user specified in Step 5, which stops the Webmin user from overwriting files that he would not normally be able to at a shell prompt. This makes the module quite safe for untrusted people to use, although a malicious user could set up a reporting Cron job that runs extremely frequently and uses up an excessive amount of CPU time.

You can set the paths that the module uses for the Webalizer program and its global configuration file by using the module configuration form, reachable through the standard Module Config link on the main page. When clicked on, it displays a form containing the fields shown in Table 39.1.

Table 39.1. Module Configuration Options
Path to webalizer commandThis field must contain the full path to the webalizer executable, or just webalizer if it is in one of Webmin's program path directories, as is usually the case.
Path to webalizer configuration fileThis field must contain the full path to the global Webalizer configuration file, which is usually /etc/webalizer.conf. Additional files created for specific log file reports are always stored in the /etc/wemin/webalizer directory.
Sample webalizer configuration fileIf the global configuration file does not exist, the module will copy the file from the path specified in this field instead. This is used on some Linux distributions that include a sample file in some other directory, but not /etc/webalizer.conf. Once the module is running, the same file is never used so changing this field will have no effect.
Automatically include logfiles fromThe checkbox in this field controls from which servers the module automatically retrieves log files. By default, both Apache and Squid are selected, but if you are only generating reports on one (or neither) of these servers, you may want to deselect them so that the main page is not cluttered up with log files that you don't care about.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.204.201