From owner-freebsd-questions Thu Nov 1 21:54:27 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15])
	by hub.freebsd.org (Postfix) with ESMTP id 64EEC37B405
	for ; Thu, 1 Nov 2001 21:54:22 -0800 (PST)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154])
	by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id fA25sJT75309;
	Thu, 1 Nov 2001 21:54:19 -0800 (PST)
	(envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Anthony Atkielski" , "FreeBSD Questions"
Subject: RE: Tiny starter configuration for FreeBSD
Date: Thu, 1 Nov 2001 21:54:19 -0800
Message-ID: <000a01c16362$d027d220$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
In-Reply-To: <00cf01c162d6$8ada24c0$0a00000a@atkielski.com>
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Anthony
>Atkielski
>Sent: Thursday, November 01, 2001 5:10 AM
>To: FreeBSD Questions
>Subject: Re: Tiny starter configuration for FreeBSD
>
>
>Ted writes:
>
>> Webmin contains its own security mechanism that is
>> much more fine grained than the UNIX system permission.
>
>Is this a CLI application, or does it need to run under X?
>

webmin is a series of scripts that are run under a small web server that runs
on port 10000 typically.  The system can be managed locally from a browser under
X, or locally from Lynx, or remotely from any browser.

>My policy in the past on systems with UNIX-like security (or rather lack
>thereof) has been to set up specific commands for each task that must be
>carried out as root.  Authorized persons can then execute these commands
>(each of which has its own checks for authorization, or references some
>common file for such information) to do only what they are supposed to be
>able to do.

This is basically how webmin operates.  But the webmin interface is superior
as many thousands of people use it and there's lots of development on it.

>Most other people reach this same conclusion independently, and it seems
>that it is routine on UNIX systems to do things this way.  It works well,
>although it requires a lot of coding and administration for the handful of
>people who really are authorized to be root.  It also has to be audited
>carefully, so that no command permits doing more than it should, and no
>Trojan horses slip into the system.
>

This is why there's a tremendous movement now to get these oddball scripts
rewritten into webmin; it now has modules to do nearly everything under UNIX.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
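
The per-task root command scheme discussed in this message (each command checks authorization against a common file and can do no more than its one task), sketched as an added example that is not part of the original e-mail and is not webmin code. The policy file format, the task names and the command paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; task names, policy format and paths are assumptions.
# Policy file (constructed format): one "user:task[,task...]" entry per line.

# Refuse a policy file that is missing, a symlink, or group/world-writable.
policy_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeed only if policy file $3 grants task $2 to user $1 (exact matches).
is_authorized() {
    user=$1 task=$2 policy=$3
    policy_is_safe "$policy" || return 1
    while IFS=: read -r p_user p_tasks; do
        [ "$p_user" = "$user" ] || continue
        case ",$p_tasks," in
            *",$task,"*) return 0 ;;
        esac
    done < "$policy"
    return 1
}

# Map a task name to one fixed absolute command line; anything else fails.
# Caller-supplied text never becomes part of the privileged command.
task_command() {
    case $1 in
        rotate-logs)  echo "/usr/sbin/newsyslog" ;;
        restart-mail) echo "/usr/sbin/service sendmail restart" ;;
        *) return 1 ;;
    esac
}

# Print the command that would run, or fail closed. A real wrapper would take
# the user from the real UID rather than an argument, log the decision, and
# exec the command instead of printing it.
dispatch() {
    user=$1 task=$2 policy=$3
    cmd=$(task_command "$task") || { echo "unknown task" >&2; return 2; }
    is_authorized "$user" "$task" "$policy" || { echo "denied" >&2; return 3; }
    echo "$cmd"
}

if [ "$#" -eq 3 ]; then dispatch "$@"; fi
```

The audit surface is the task table and the policy file: both should be root-owned, and the wrapper itself must not be writable by the users it serves.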