Usermin Configuration
This chapter explains what Usermin is, why you might want to use
it, and how it can be configured from within Webmin. It also provides
a brief explanation of the available Usermin modules.
Introduction to Usermin
Usermin is a web interface similar to Webmin, but designed for
normal Unix users to carry out tasks that they would normally
do at the shell prompt. It was written by the same author as Webmin,
shares a lot of the same code, and has a similar underlying design
and user interface. Whereas Webmin allows you to do things that
would normally be done by logging in as root, Usermin lets you
do things that can be done by logging in as a normal user.
Usermin is a very useful program to install if you want to give
users on your system the ability to read and send email, change
passwords or edit files through an easy to use web interface.
It groups all of these functions together, and allows the administrator
to choose which users get access to which features.
Usermin can be downloaded from www.usermin.com in either RPM format
for most Linux distributions, or tar.gz format for other operating
systems. It supports all of the same operating systems that Webmin
does, and is installed in exactly the same way. If your version
of Linux uses the RPM package format, the Software Packages module
(covered in chapter 12) can be used to install it. Otherwise you
will need to extract the Usermin tar.gz file and run the setup.sh
script, just like you would for Webmin.
Because Usermin uses port 20000 instead of 10000, to access it
after installation you will need to go to the URL
http://yourservername:20000/
in your browser. On the login page that appears, enter the username
and password of any Unix user on your system and hit the Login
button. A main menu very similar to the one in Webmin will be displayed,
but with different categories and modules. In its default configuration,
Usermin should be quite usable for tasks such as reading email,
changing your password or logging in via SSH.
Usermin can be navigated in just the same way that Webmin can,
and its modules have very similar designs. In fact, some of the
modules are exactly the same as those in Webmin, such as Running
Processes and SSH/Telnet Login. The only difference is that
they run with the privileges of the logged-in Unix user rather
than root.
This chapter focuses primarily on how to configure the program
from within Webmin, using the Usermin Configuration module.
Usermin does not have any facility to configure itself. You must
either use this module, or edit the configuration files in /etc/usermin
directly. Needless to say the former option is much easier. The
instructions in this chapter were written for Usermin 0.990, and some older versions lack certain features, such as the ability
to restrict access to modules for specific users and groups.
Also in this chapter (in the About the Usermin modules section)
is a complete list of the standard modules and a short description
of the capabilities of each one. It is not yet a complete user's guide for Usermin.
The Usermin Configuration module
This module should be used if you want to re-configure Usermin
in any way, such as changing the default theme, the port that it
listens on or the client addresses that are allowed to connect.
It can be found under the Webmin category on the main menu, and
the main page that will appear when you click on the icon is shown
in Figure 47-1. As you can see, the page is actually a table of icons,
each of which can be clicked on to display a form for editing a class
of options. At the bottom are buttons for starting or stopping
the Usermin server process, and possibly for setting it to start
at boot time.
Figure 47-1 The Usermin Configuration module
As is usual with Webmin modules, if Usermin is not installed an
error message like *The directory /etc/usermin either does
not exist on your system* will appear on the main page instead.
Even though Usermin is similar to Webmin, it must be installed
separately by following the instructions in the introduction
to this chapter. This error can also occur in the unlikely event
that you have chosen a different configuration directory to
the default of /etc/usermin. If so, read the *Configuring the
Usermin Configuration module* section to find out how to change
the module to look in the right location.
Starting and stopping Usermin
Usermin has its own permanently running web server process,
which can be started or stopped using this module. At the bottom
of the main page is either a button labeled Stop Usermin or Start
Usermin, depending on whether it is currently running or not.
The server can also be stopped and started at the command line
by running /etc/usermin/stop or /etc/usermin/start as root.
On operating systems like Linux, Solaris and HP/UX that use standard
SYSV-style bootup action scripts the main page also has a button
labeled Start at boot time. If you select the Yes radio button
next to it and hit the button, a bootup script will be created
or enabled to start the Usermin server when your system boots.
Selecting No will cause any existing script to be disabled
so that it does not get started. The action will be visible in the
Bootup and Shutdown module (covered in chapter 9), and you can
enable or disable it there as well.
On operating systems like FreeBSD and MacOS X that use a different
method of running commands at boot time this button will not appear
at all. However, you can still use the Bootup and Shutdown module
to have the command /etc/usermin/start run at boot time to achieve
the same result.
Restricting access to Usermin
By default Usermin will accept connections from any IP address.
Even though it is password-protected, you should limit access
to only legitimate client systems if possible, so that an attacker
from outside your network cannot even attempt to login. The steps
to follow to do this are :
- Click on IP Access Control on the module's main page to bring up the access control form.
- Select Only allow from listed addresses and enter a list of hostnames, IP addresses and networks into the adjacent text box. Networks should be entered with a netmask like 192.168.1.0/255.255.255.0. You can allow access from an entire DNS domain by entering something like *.example.com, but be aware that that is not totally secure as an attacker can fake reverse DNS results.
- Normally Usermin will resolve any hostnames that you enter only once, when it first starts up. To change this check the *Resolve hostnames on every request* box, and it will convert hostnames to IP addresses for comparison for every request. This can be useful if the system you are running a browser on is frequently changing IP address, but is able to update a DNS record to match. This can happen on a network using DHCP, or if you are connected to an ISP that dynamically assigns addresses.
- To have Usermin check the TCP-wrappers configuration files /etc/hosts.allow and /etc/hosts.deny as well when deciding whether to allow a client, turn on the Also check TCP-wrappers hosts.allow and hosts.deny files option. The service name to use when editing those files is usermin.
- Hit the Save button to activate the new client address restrictions.
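The following added example (not Usermin's own code) models the three kinds of allow-list entry described above and shows why a *.example.com entry is weaker than a network entry: whoever controls the reverse DNS zone for an address can make it claim any name. The DNS tables, addresses and the confirm_forward option are constructed for illustration; the stricter forward-confirmed check goes beyond what the page describes.

```python
import fnmatch
import ipaddress

# Constructed DNS data standing in for real lookups, so the example runs offline.
# The reverse (PTR) record for an address is published by whoever controls that
# address block, so the owner of 203.0.113.66 can make it claim any name.
PTR = {
    "192.0.2.10": "desk7.example.com",     # genuine host in example.com
    "203.0.113.66": "desk7.example.com",   # faked reverse DNS result
}
# Forward records are published by the owner of the domain itself.
FORWARD = {
    "desk7.example.com": {"192.0.2.10"},
    "admin.example.net": {"198.51.100.5"},
}


def parse_entry(entry):
    """Classify one allow-list entry as a network, a wildcard domain or a hostname."""
    try:
        # Handles single addresses and the address/netmask form,
        # e.g. 192.168.1.0/255.255.255.0.
        return "net", ipaddress.ip_network(entry, strict=False)
    except ValueError:
        pass
    if entry.startswith("*."):
        return "wildcard", entry.lower()
    return "host", entry.lower()


def is_allowed(client_ip, allow_list, confirm_forward=False):
    """Return (allowed, reason) for a client address.

    With confirm_forward=False a wildcard entry trusts the reverse lookup alone.
    With confirm_forward=True the name from the reverse lookup must also resolve
    forward to the client address before it is accepted.
    """
    addr = ipaddress.ip_address(client_ip)
    reverse_name = PTR.get(client_ip, "").lower()
    for entry in allow_list:
        kind, value = parse_entry(entry)
        if kind == "net":
            if addr in value:
                return True, "address is inside " + entry
        elif kind == "host":
            # A plain hostname is resolved forward and compared by address.
            if client_ip in FORWARD.get(value, set()):
                return True, entry + " resolves to the client address"
        elif reverse_name and fnmatch.fnmatch(reverse_name, value):
            if confirm_forward and client_ip not in FORWARD.get(reverse_name, set()):
                continue  # name does not resolve back to this client: reject it
            return True, "reverse name " + reverse_name + " matches " + entry
    return False, "no entry matched"


ALLOW = ["192.168.1.0/255.255.255.0", "admin.example.net", "*.example.com"]

if __name__ == "__main__":
    for ip in ("192.168.1.77", "198.51.100.5", "192.0.2.10", "203.0.113.66"):
        print(ip, is_allowed(ip, ALLOW), is_allowed(ip, ALLOW, confirm_forward=True))
```

Where the set of client systems is known, listing their addresses or networks avoids the dependency on reverse DNS altogether.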
Changing the port and address
Usermin usually listens for connections on port 20000 on all
of your system's IP addresses. You may need to change the port
though, perhaps because a firewall on your network only allows
connections to web servers on the standard ports of 80 and 443.
Changing the listening IP address can also be useful if your system
has multiple network interfaces and you want to only allow connections
on the interface connected to the internal LAN.
To change the port or address, do the following :
- Click on the Port and Address icon on the module's main page.
- To listen on only a specific interface address, select the second option in the Listen on IP address field and enter an IP into the text box next to it. This must be the address of one of your host's real or virtual interfaces.
- To change the port, enter a number into the Listen on port field.
- Hit the Save button to use the new settings. Anyone currently using Usermin will need to re-login at the new URL, as the old one will stop working.
Configuring the Usermin user interface
Usermin has several settings that control what appears in its
user interface, what module users are directed to when they login,
and if the sending of feedback is allowed. Follow these steps
to edit them :
- On the module's main page, click on the User Interface icon to bring up the interface options form.
- In some themes (covered in Installing and changing themes), the title at the top of every page is rendered as an image. Because this can make the page slow to download, you can force the use of plain HTML text titles instead by changing the Display titles as text? field to Yes.
- By default every page in Usermin shows your system's hostname and operating system, which you might regard as a security risk. To turn this off, from the Display login and hostname menu select Nowhere, and change the Show version, hostname and OS on main menu? field to No. The first menu can also be used to change the location of system information; by default it appears in the browser status line.
- Normally after a user logs into Usermin they will see the main menu listing the various modules and categories. To have users re-directed to a specific module instead, select it from the After login, always go to module menu. This can be handy if most of your users use a particular feature, such as the Read Mail module.
- Like Webmin, Usermin has a button in the top-right corner of every page for sending feedback. It is disabled by default, but you can turn it on by changing the Allow sending of feedback field to Yes, to address and entering an appropriate address in the adjacent text box. This gives your users an easy way to send you questions or problem reports.
- By default, feedback is sent by running /usr/lib/sendmail and passing email to it for delivery. If Sendmail is not installed on your system or you want feedback to be sent via another mail server, select SMTP server in the Send feedback via field and enter a hostname into the text box. This tells Usermin to make an SMTP connection to that host for sending email instead.
- Click the Save button at the bottom of the page to activate the new settings.
Installing Usermin modules
Like Webmin, Usermin has a modular design. This means that each
module (such as Read Mail or File Manager) is a separate piece
of code, and thus can usually be installed or removed without
affecting the rest of Usermin. Being able to install new modules
is the most useful feature, as several have been developed by
people other than the Usermin developer. The best place to find
extra modules is the website webmin.thirdpartymodules.com,
which is a searchable database of almost all Webmin and Usermin
modules. You can also write your own modules, as chapter 55 (Writing
Webmin Modules) explains. Do not bother trying to install modules
for Webmin, as they will be rejected, and would not work anyway.
A new module can be installed by following these steps :
- On the Usermin Configuration module's main page, click on the Usermin Modules icon. This will bring you to a page with forms for installing, cloning and deleting modules.
- If you have already downloaded the module's .wbm file to the system on which Usermin is running, select From local file and enter the full path to the file into the text field next to it. If the module file is on the PC that your web browser is running on, select From upload file and use the Browse button to find the file on your computer. If the module is on a web site somewhere, select From ftp or http URL and enter the full URL into the text box next to this option.
- Hit the Install module from file button to download (if necessary) and install the new module. If everything goes OK a page listing the modules installed and the sizes of their directories will be displayed. Unless you have hidden modules from certain users (as explained in the Restricting access to modules section later in this page), this new one will be immediately visible to and usable by all Usermin users.
Any of the modules currently installed, including those that
come with Usermin by default, can be deleted on the same page
as well. Deleting the default modules is not a good idea though,
as they will be automatically re-installed the next time you
upgrade. Instead it is better to hide the ones that you don't want
people to use, as explained in the Restricting access to modules
section. Not all modules can be deleted either, as some are depended
upon by other modules. Running Processes in particular has many
dependants, and so removing it will cause modules like Change
Password, Custom Commands and GnuPG Encryption to stop working.
To remove one or more modules, the steps to follow are :
- Click on the Usermin Modules icon on the main page.
- Scroll down to the last form on the page and select all the modules that you want to remove from the Delete Modules list.
- When you hit the Delete selected modules button a confirmation page will be displayed showing exactly what will be removed. Or if there are some dependency problems that prevent one or more from being deleted, an error message explaining the problem will be shown instead.
- Click on Delete to go ahead with the module's removal.
Changing the default language
Like Webmin, parts of Usermin have been translated into different
languages. You can change the default language for users by following
the steps below, or they can individually specify their own preferred
languages using the Change Language module. None of the translations
are complete though, so many messages and labels will still appear
in English.
- Click on the Language icon on the module's main page.
- In the form that appears, select your users' preferred language from the Display in language menu.
- Some browsers (such as Opera) can request that the server display pages in a language chosen by the user. To have Usermin honor such requests if possible, change the Use language specified by browser? field to Yes. If a language is sent, it will override both the global and individual users' settings.
- Hit the Save button to have Usermin switch to the new language.
Assuming they have access to the Change Language module, users
can override whatever global selection you make in this module
for themselves. This can be handy if everyone speaks English
except for one person who prefers German.
Upgrading Usermin
Even though Usermin can be upgraded by installing the latest
RPM or tar.gz package from the command line, this module can do
the job for you with even less effort. The program can be upgraded
either from a package that you have downloaded, from a URL somewhere
or directly from the www.usermin.com site. In all cases the upgrade
must be made using the same type of package that Usermin is currently
installed from. This means that if you originally installed
the RPM package, you must upgrade with an RPM as well.
The easiest way to upgrade is to have Webmin check for and download
the latest version directly from the Usermin site. This ensures
that the right kind of package will be used, and that nothing will
be done if you are already running the latest stable release.
To upgrade using any of the above methods, follow these steps:
- Click on the Upgrade Usermin icon on the module's main page. This will take you to a page with forms for upgrading, installing updated modules and setting up the automatic install of updates.
- The Upgrade Usermin form is very similar to the form for installing modules, explained in the Installing Usermin modules section. Select either From local file if the new package is already on your server system, From uploaded file if it is on the PC your web browser is running on, or From ftp or http URL to have the package downloaded from some URL. The easiest option is to choose Latest version from www.usermin.com to have the appropriate package downloaded automatically.
- If Usermin on your system was installed from the tar.gz file, the Delete old version's directory after upgrade? box can be checked to have the old version removed after the new one is installed. Unless you want to be able to revert to the old release, this option should be enabled to save on disk space. It does not appear at all for RPM installs, as the RPM package always installs in the same directory.
- Hit the Upgrade Usermin button to begin the upgrade. A page showing the download progress (if necessary) and output from the new version's setup.sh script will be displayed.
The upgrade process will preserve all global and user settings,
and should not even be noticeable by users currently accessing
your Usermin server. If you originally installed the program
from the tar.gz package, the new version will be installed in
the directory next to the old one. For example, if Usermin 0.980
was in /usr/local/usermin-0.980 and you upgraded to version
0.990, it would be installed in /usr/local/usermin-0.990,
and the old directory deleted if the *Delete old version's directory
after upgrade?* option was enabled.
Also on the upgrade page are forms for installing updated modules
for Usermin from www.usermin.com, and for having such updates
installed automatically. Occasionally a bug is found in the
latest version of the program, and an updated module that fixes
the problem is made available at
http://www.usermin.com/uupdates.html
for administrators to download and install. Instead of checking
manually, you can use this Usermin module to find and install
needed updates.
Because this feature is identical to one for installing updates
to Webmin, it is not covered in this chapter. Instead, see the
Upgrading Webmin section of the Webmin Configuration chapter
for details on how to use it. The instructions in that chapter
that apply to the Webmin Configuration module can also be used
in this module.
Configuring authentication
Usermin has several options that control the authentication
method it uses for validating Unix users, how multiple failed
login attempts are handled and how Unix user passwords are checked.
The default authentication method uses cookies, but if your
users' browsers cannot handle them you may want to switch to basic
HTTP authentication instead. The only problem with this method
is that there is no way to properly log out, as there is no support
for logging out in the HTTP protocol. However, it sometimes must
be used. For example, some browsers on MacOS X cannot load applets
(such as the ones in the File Manager and SSH/Telnet Login Usermin
modules) from web servers using cookie authentication.
To configure authentication for Usermin, follow these steps:
- Click on the Authentication icon on the module's main page to bring up the authentication form.
- When Enable password timeouts is selected, Usermin will detect multiple failed login attempts from the same IP address and lock that host out for a configurable amount of time. This feature should always be turned on, as it stops attackers using millions of login attempts to guess passwords on your system. The Block hosts with more than field specifies the number of login attempts allowed from a single host before blocking is triggered, while the failed logins for field sets the number of seconds that a host is blocked for. The defaults are reasonable, but you can increase the timeout if you are feeling paranoid.
- When Log blocked hosts, logins and authentication failures to syslog is selected Usermin will send messages to the system logs (covered in chapter 13) when a user logs in, logs out or enters an incorrect password. All messages are sent with the authpriv facility. You should leave this option turned on, so that suspiciously large numbers of login failures can be detected.
- When Enable session authentication is selected, Usermin will use its own login form to ask users for a username and password, and set a cookie after the login is complete to identify authenticated clients. To switch to normal HTTP authentication, select Disable session authentication instead.
- When using session authentication, Usermin can be configured to automatically log users out if they have been inactive for more than a certain amount of time. To enable this, check the Auto-logout after box and enter a number of minutes into the text field next to it. This feature and the next three are not available when using HTTP authentication.
- When Offer to remember login permanently? is checked (as it is by default), the login form will include a check box for permanently remembering the login. When selected, the cookie sent to the user's browser will be marked to indicate that it should be saved even if the browser is shut down and re-run later. This is convenient because it means that the user will not have to login to Usermin again, but you may consider it a security risk. If so, un-checking this box will remove the remember option from the login form.
- By default the login page includes the hostname from the URL in the message above the username and password fields. To hide it, de-select the Show hostname on login screen? box.
- Some people like to have a welcome message shown on the login page the first time a user accesses it, perhaps giving information about the server or what it is supposed to be used for. To enable this on your system, first create an HTML page containing the message that you want to appear. Then select Show pre-login file and enter the full path to the HTML file in the text field. After a user reads it he must re-load or re-visit the page (perhaps by following a link in the page itself) to force the real login form to appear.
- To have Usermin automatically authenticate connections from localhost by determining which Unix user is making the connection, select Allow login without password for matching users from localhost. If you run a browser on the same system as Usermin runs on, this feature allows you to access the URL http://localhost:20000/ and be logged in without needing to enter a username and password. It is convenient, but potentially insecure if an attacker can trick a program (such as Squid) into connecting to that URL, which would grant access to Usermin as the user that the program runs as. For this reason, Always require username and password is selected by default.
- Usermin can check users' passwords in three different ways: using PAM, by reading the password file directly or by consulting some other program. PAM is the best method, and can be enabled by selecting Use PAM for authentication on this form. However, it will only work if your operating system supports PAM (only Linux and Solaris do), if the Authen::PAM Perl module is installed, and if the /etc/pam.d/usermin service file is set up correctly on Linux. This file is included in the RPM package of Usermin though. The most reliable method of authentication is directly reading the /etc/passwd or /etc/shadow file containing usernames and passwords. You can enable this by selecting Authentication using password file instead. The other fields next to it are set by default to match your operating system, and do not generally need to be changed. The only problem with this authentication method is that even expired accounts will be able to login, as Usermin does not check those password file fields. The final authentication method uses an external program to validate passwords. This program must behave exactly like Squid's external authentication program, covered in the Setting up proxy authentication section of chapter 44. To enable it, select Use external squid-style authentication program and enter the full path to the program followed by any parameters into the adjacent text field. This option can be useful for looking up passwords in an LDAP or MySQL database. However, it cannot be used to create "fake" users who do not have real Unix accounts.
- Finally, hit Save at the bottom of the form to activate the new authentication settings. They will not apply to already logged-in users though.
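As an added example (not part of the original chapter or of Usermin itself), the script below audits a Usermin server configuration against the recommendations made in the Restricting access to Usermin section and in the steps above. It assumes the settings are stored as key=value lines in /etc/usermin/miniserv.conf under the key names allow, blockhost_failures, syslog and localauth; the page does not name the file or its keys, and both sample files are constructed.

```python
# Constructed sample in the assumed key=value format of /etc/usermin/miniserv.conf.
SAMPLE_CONF = """\
port=20000
session=1
blockhost_failures=0
blockhost_time=60
syslog=0
localauth=/usr/sbin/lsof
allow=*.example.com 192.168.1.0/255.255.255.0
"""

# Constructed sample that follows every recommendation checked below.
HARDENED_CONF = """\
port=20000
session=1
blockhost_failures=5
blockhost_time=60
syslog=1
allow=192.168.1.0/255.255.255.0
"""


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def as_int(value):
    """Return value as an integer, or 0 when it is missing or not a number."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def audit(conf):
    """Return a list of (key, message) findings for settings the chapter warns about."""
    findings = []

    # IP access control: an empty list means any address may reach the login page.
    allow = conf.get("allow", "").split()
    if not allow:
        findings.append(("allow", "connections are accepted from any IP address"))
    for entry in allow:
        if entry.startswith("*."):
            findings.append(
                ("allow", entry + " depends on reverse DNS, which can be faked"))

    # Password timeouts: failed logins from one host should trigger a lockout.
    if as_int(conf.get("blockhost_failures")) <= 0:
        findings.append(
            ("blockhost_failures", "password timeouts are off, so guessing is not throttled"))

    # Syslog: without it, large numbers of login failures cannot be detected.
    if conf.get("syslog") != "1":
        findings.append(("syslog", "logins and failures are not sent to syslog"))

    # Passwordless login for matching users from localhost.
    if conf.get("localauth"):
        findings.append(
            ("localauth", "connections from localhost are logged in without a password"))

    return findings


if __name__ == "__main__":
    # On a real system, read the file instead:
    #   conf = parse_conf(open("/etc/usermin/miniserv.conf").read())
    for key, message in audit(parse_conf(SAMPLE_CONF)):
        print(key + ": " + message)
```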
Editing categories and moving modules
Every Usermin module has a category that controls where it appears
on the module's main menu. You can create your own categories
and move modules from their default locations into your own or
existing categories, which can be useful if you don't like the
default arrangement, or want to put everything into one huge
category.
To create new categories or re-name existing ones, follow these
steps :
- Click on Edit Categories on the module's main page to display the category editing page.
- To add a category, scroll down to the bottom of the form. In the first empty field under ID enter a unique internal name for your new category, such as stuff. Then in the field next to it under Displayed description enter the name that will appear in Usermin, such as My Stuff. Existing categories that you have added can be edited by changing the fields in this section as well. However, you should not change the entries in the ID column, as they are used internally to associate modules with categories. The ID is never visible to users anyway; only the displayed description is.
- To change the name of one of the default categories displayed at the top of the form, select the second radio button next to it and enter a new description into the text box to the right. If Default is chosen, the standard name based on the user's language will be used.
- Hit the Save Categories button at the bottom of the form to activate the new categories. You can now move modules into any that you have created.
To change the categories that modules appear in, do the following
:
- Click on the Reassign Modules icon on the main page.
- The page that appears lists every installed Usermin module and the category it is currently in. For each module that you want to move, select a new category from the menu next to its name.
- Click on the Change Categories button at the bottom of the page to move the modules.
Changing and installing themes
A theme is an extension to Usermin (much like a module) that controls
how its interface appears to users. The currently active theme
determines if and how the categories at the top of each page are
displayed, what page background is used, what icons each module
has, how titles appear and how each page ends. By changing themes
you can significantly change the look of Usermin without affecting
its functionality. Several themes are included by default,
and you can install more that have been written by other developers.
Like the language, you can set the theme for all users in this module,
and users can choose their own themes and override the default
with the Change Theme module in Usermin. The steps to change the
theme for everyone are :
- Click on the Usermin Themes icon on the module's main page. This will take you to a page for changing themes, installing a new theme and deleting existing ones.
- Select the theme to use from the Current theme menu. Those included as standard with Usermin are :
  - *Old Usermin Theme* The very simple theme that the first versions of Webmin and Usermin used before theming was added. If you find the default too slow, this may be a better alternative as it uses fewer images.
  - *MSC.Linux Theme* The current default Usermin theme.
  - *MSC.Linux Mini Theme* A modified version of the default theme, designed for use on small-screen devices such as PDAs.
- Hit the Change button to activate the chosen theme.
New themes developed by other people can also be added to Usermin,
although none actually exist at the time of writing. Themes for
Webmin cannot be used, due to differences in the design of the
two packages. However, you can write your own, as chapter 58 (Creating
Webmin Themes) explains.
To install a theme, follow these steps :
- Click on the Usermin Themes icon on the module's main page.
- Select the theme's file using the second form. Just as when installing a module, you can choose to install a theme from a file on the system running Webmin, the PC your browser is on, or an HTTP or FTP URL.
- Hit the Install Theme button to have it downloaded (if necessary) and installed.
The final thing that you can do on this page is delete one of the
installed themes. The Old Usermin Theme cannot be deleted
as it is built into the program, and the other two standard themes
should not be as they will be added again if you upgrade to the next
version.
To delete a theme that you have installed, follow these instructions
:
- Click on the Usermin Themes icon on the module's main page.
- Select the one to remove from the Theme to delete menu at the bottom of the page. If that menu does not appear it means that all installed themes are in use either by an individual user or as the default for all users.
- Hit the Delete button to bring up a confirmation page asking if you really want to go ahead.
- Click on Delete to remove the theme.
Turning on SSL
Like Webmin, Usermin can operate in SSL mode if the OpenSSL
library and Net::SSLeay Perl modules are installed. Chapter
3 (Securing your Webmin Server) explains how to install them
and why SSL should be used, so read it first before continuing
with this section. Usermin will also automatically use SSL mode
by default if it detects that the needed libraries are available
at install time, and will generate its own unique SSL certificate
and key for your system if possible.
If you install the required libraries after Usermin, you can
switch to SSL mode by following these steps :
- Click on the SSL Encryption icon on the module's main page. If Net::SSLeay is missing an error message will be displayed telling you that SSL mode cannot be used. Otherwise, a form for turning it on and off and for generating a new SSL key will appear.
- Change the Enable SSL if available? field to Yes.
- If you have your own SSL key for this host already, enter its full path into the Private key file field. If this file just contains the key and not the certificate, you will need to fill in the Certificate file field as well. To just use Usermin's own certificate, leave these fields unchanged.
- Hit the Save button to switch to SSL mode. All users that try to connect to the old http:// URL from now on will be told to use the new https:// URL instead.
This same page can also be used to generate a new SSL key for use
by Usermin. You should definitely do this if OpenSSL was not installed
when Usermin was, as it will fall back to using the key that comes
with the program if a new one cannot be generated at install time.
This is highly insecure, as the key is available to everyone and
can be used to decrypt network traffic, thus totally negating
the main benefit of SSL! You might also want to create a new key
if the details of the default one (such as the company name and
country) are not correct.
Follow these instructions to generate and start using your
own key and certificate :
- Click on the SSL Encryption icon on the module's main page, and scroll down to the bottom form.
- If your system is always accessed using the same hostname in the URL, enter it into the Server name in URL field, such as www.example.com. This will cause the generated certificate to be associated only with that hostname. Otherwise select Any hostname to allow the certificate to be used with any URL hostname. This is more convenient, but slightly less secure.
- In the Email address field enter the address of the person responsible for this Usermin server, such as joe@example.com.
- If appropriate, fill in the Department field with the name of the department or group within your organization that this server belongs to, such as Network Engineering.
- In the Organization field enter the name of the company or organization that owns this server, such as Foo Corporation.
- In the State field enter the name of the state that your server is in, such as California.
- In the Country code field enter the two-letter code for the country the server is in, such as US.
- Leave the Write key to file field unchanged, unless you want the key file to be written elsewhere.
- To have Usermin configured to use the newly generated key, leave the Use new key immediately field set to Yes. If you select No you will need to switch to this key later by following the instructions earlier in this section.
- Hit the Create Now button to generate the key and certificate and store them in the specified file in PEM format.
All of the fields in this form are optional, with the exception
of Server name in URL. If the key is just for use on your own home
server, there is no need to enter a department or organization
name. However, you must make sure that any key you generate here
has different details to the one created for Webmin itself. Browsers
like Mozilla and Netscape currently have problems if they encounter
two different keys with the same server name, department, organization
and so on.
Configuring Usermin modules
Almost all Usermin modules have several configurable settings
that affect their user interfaces and behavior. There are actually
two types of setting: those that apply to all users and are set
by the administrator in this module, and those that apply to only
a specific user and can be set by users themselves from within
Usermin. This latter set of options are called preferences,
and can be set by users by clicking on the Preferences link that
appears in the top-left corner of the main page in some Usermin
modules (the same place that the Module Config link appears
in Webmin). You can also use the Usermin Configuration module
to set the default preferences for users who have not set them.
To edit the configuration or default preferences for a module, follow
these steps :
- Click on the Usermin Module Configuration icon on the module's main page to go to a list of all installed modules.
- Click on the name of the module that you want to configure. This will bring up a page containing one or two forms. The first (titled Configurable options) is for editing the global settings for the module, while the second (titled Default user preferences) is for editing preferences. Figure 47-3 shows an example. Because some modules do not have preferences and some do not have configurable options, one or the other of the forms may not be displayed. The actual fields in both forms depend on the module chosen. For example, the Read Mail module has settings that control where it looks for user email and what format it expects the mail file or directory to be in. The defaults in the Configurable options form are set when Usermin is installed to match your operating system, and do not usually need to be changed.
- To edit the module's configuration, make whatever changes you want to the fields in the first form and hit the Save button below it to activate them.
- To change the default preferences, change the fields in the second form and hit its Save button to activate them. They will only apply to users who have not set their own preferences for the module though. This form always includes a Users can edit preferences? field that if set to No stops users editing the preferences for the module in future.
** Figure 47-3 The Usermin module configuration page
The configurable settings in most modules are fairly obvious
and need no further explanation. However, the Read Mail module's
form has a large number of fields that control where it looks for
email, how it sends mail, what From address users are assigned
and where user folders are stored. Even though it usually defaults
to looking for mailboxes in the /var/spool/mail directory,
it can be configured to use the Qmail-style Mailbox file or Maildir
directory in users' home directories, which is necessary if
you are running a mail server other than Sendmail.
The configuration fields for the Read Mail module and their meanings
are listed in the following table :
Restricting access to modules
Usermin will usually allow all users who can login to access all
of the installed modules. This may not be appropriate for your
system though. You may want some users to just be able to read email
and change their passwords, while giving others access to everything.
Some of the modules are quite powerful, such as the File Manager
and Command Shell, and so should be restricted to people who have
FTP or SSH access to your system.
Naturally it is possible to set this up in Usermin, or this section
would not have been written. This Webmin module lets you select
the Usermin modules that are available to a specific user or members
of a group. This is done by creating a list of rules, each of which
applies to some user or group or to all users, and which either
adds or subtracts a list of modules from that user. This allows
for quite complex module restriction configurations to be created.
For example, you could give the group users access to three
modules, and then the user fred (who is a member of users)
access to one more without having to list the other three for him
explicitly.
To create a module restriction rule, follow these steps :
- Click on the Module Restrictions icon on the main page to bring up a list of existing restrictions, an example of which is shown in Figure 47-2.
- Click on Add a new user or group restriction above or below the list to go to the restriction creation form.
- The Applies to field determines which users this restriction affects. You can either select Unix user and enter a single username in the field next to it, Members of group and enter a group name or All users. The latter option is useful for defining the modules that everyone can use, except for users that you grant more modules to in later restriction rules.
- In the Modules section is a list of all Usermin modules installed on your system. If Only selected is chosen then only those modules that you check below will be granted to the user or group. If Add selected is chosen then the checked modules will be given to the users in addition to any that they have been granted by previous rules. If Remove selected is chosen the modules that you check below will be taken away from the user or group if they have been granted by a previous rule. In most cases the default of Only selected is all you will need for creating restriction rules.
- Hit the Create button to add and activate the restriction. It will immediately apply to all matching users, even those currently logged in.
** Figure 47-2 The module restrictions page
Once a restriction has been created you can edit it by clicking
on the user or group name in the list on the Module Restrictions
page. This will take you to an editing form similar to the one in
Figure 47-2. Change the user or group or list of modules and hit
Save to activate the new selections, or use the Delete button
to remove the restriction from the list altogether. Because
the ordering of restrictions matters you can move them around
in the list with the up and down arrows that appear in the right-most
column on the restrictions page. Again, any changes to the list
will take effect immediately.
Normally if no restrictions exist, all users will have access
to all modules. This can be changed by clicking on the Available
Modules icon on the main page and de-selecting those that nobody
should have access to. Modules taken away in this way cannot be
granted back to specific users on the module restrictions page.
Because module restrictions are far more flexible than using
the Available Modules page to control which ones are visible,
there is no real need to use it.
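The following added example (not part of the original chapter and not Usermin's own code) models how an ordered rule list resolves to a user's module set, so a rule set can be checked before it is applied. The module names, the tuple layout and the starting assumption (a user begins with every available module and every matching rule is applied in order) are assumptions made for illustration.

```python
# Added illustration: a model of the rule semantics described above,
# not Usermin's own code. All names and sample data are constructed.

def effective_modules(user, groups, rules, available):
    """Return the set of modules a user ends up with.

    rules: ordered list of (applies_to, mode, modules) where
      applies_to is "*" (all users), "@group" or a username, and
      mode is "only", "add" or "remove".
    available: modules left enabled on the Available Modules page.
    Assumption: a user starts with every available module, and every
    matching rule is applied in list order.
    """
    granted = set(available)
    for applies_to, mode, modules in rules:
        if applies_to == "*":
            matches = True
        elif applies_to.startswith("@"):
            matches = applies_to[1:] in groups
        else:
            matches = applies_to == user
        if not matches:
            continue
        modules = set(modules)
        if mode == "only":
            granted = modules
        elif mode == "add":
            granted |= modules
        elif mode == "remove":
            granted -= modules
        else:
            raise ValueError(f"unknown mode: {mode}")
    # Modules disabled globally can never be granted back by a rule.
    return granted & set(available)


# Constructed sample: module names are placeholders.
AVAILABLE = {"mail", "passwd", "forward", "filemgr", "shell"}
RULES = [
    ("@users", "only", ["mail", "passwd", "forward"]),
    ("fred", "add", ["filemgr"]),
]

def demo():
    """Resolve the sample rules for two members of the users group."""
    return {
        "fred": effective_modules("fred", {"users"}, RULES, AVAILABLE),
        "amy": effective_modules("amy", {"users"}, RULES, AVAILABLE),
        # Same rules in reverse order: fred loses the extra module.
        "reordered": effective_modules("fred", {"users"}, RULES[::-1], AVAILABLE),
    }
```

Reversing the two sample rules leaves fred with only the three group modules, which is why the position of a rule in the list has to be reviewed along with its contents.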
Limiting who can login
By default Usermin lets any Unix user on your system login, even
root. If this is not what you want, it can be configured to allow
or deny access by only certain users or the members of certain
groups. This can be useful if many users on your system exist only
to receive and download email or upload files with FTP, or if you
want to deny root access. It is also possible to prevent users
from logging in if they do not have a shell in a certain file, just
as most FTP servers do.
To control who can login to Usermin, follow these steps :
- Click on the Allowed Users and Groups icon on the module's main page.
- To give only certain users access, select Only allow listed users and fill in the text box with a list of user and group names. Groups must be prefixed with an @ (such as @users), and match if the user attempting to login is a primary or secondary member. Alternately you can allow everyone except certain users by selecting Deny listed users and entering user and group names to block.
- The WU-FTPD and ProFTPD servers deny access to any user whose shell is not listed in the /etc/shells file, so that you can create users who cannot make FTP logins. Usermin can be configured to do the same thing by checking the Deny users whose shells are not in file and entering /etc/shells into the adjacent text field.
- Hit the Save button to activate the new restrictions. They will not affect users who are already logged in though.
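As an added example (not from the original chapter and not Usermin's code), the sketch below applies the checks described in the steps above to a list of accounts, which is a quick way to see who a planned allow or deny list would let in. The account records, mode names and shells text are constructed for illustration.

```python
# Added illustration of the checks described above; not Usermin's code.
# Accounts, groups and the shells list below are constructed samples.

def parse_shells(text):
    """Return the shells listed in /etc/shells-style text (comments skipped)."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            shells.add(line)
    return shells

def in_list(account, entries):
    """True if the account is named directly or via an @group entry."""
    for entry in entries:
        if entry.startswith("@"):
            group = entry[1:]
            # Primary or secondary membership both count.
            if group == account["primary"] or group in account["secondary"]:
                return True
        elif entry == account["name"]:
            return True
    return False

def may_login(account, mode, entries, shells=None):
    """mode is "all", "allow" (only listed) or "deny" (all but listed)."""
    if mode == "allow" and not in_list(account, entries):
        return False
    if mode == "deny" and in_list(account, entries):
        return False
    # Optional shell check, as FTP servers do with /etc/shells.
    if shells is not None and account["shell"] not in shells:
        return False
    return True

SHELLS = parse_shells("# constructed sample\n/bin/sh\n/bin/bash\n")
ACCOUNTS = [
    {"name": "root", "primary": "root", "secondary": [], "shell": "/bin/bash"},
    {"name": "fred", "primary": "staff", "secondary": ["users"], "shell": "/bin/bash"},
    {"name": "ftpbox", "primary": "users", "secondary": [], "shell": "/bin/false"},
]

def allowed_names(mode, entries, shells=None):
    """Names of the sample accounts that would be allowed to log in."""
    return [a["name"] for a in ACCOUNTS if may_login(a, mode, entries, shells)]
```

In the sample, allowing only @users still admits the mail-only ftpbox account until the shell check is enabled as well.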
About the Usermin modules
This section lists the modules that are included with Usermin
0.990, and provides a brief explanation of what each one does
and how safe each is for un-trusted users to have access to. Not
all modules are available on all operating systems, due to the
differences between the various varieties of Unix.
You might be wondering "What is so harmful about letting users
run commands on my server?". The reason is that, historically, many more security
holes have existed for Unix systems that can give a normal user root privileges
than those that allow some other system on the network to gain
root access. Any user who can run a command can potentially exploit
one of these holes, so it is better to avoid this where possible.
Users who can run commands can also use up large amounts of memory,
CPU time or network traffic by starting resource-wasting processes,
which can make your system nearly un-usable.
Configuring the Usermin Configuration module
This Webmin module has only a single setting that can be changed
by clicking on the Module Config link on its main page. It is :
