ServerBuddies Support Blog

In Usermin’s MySQL Database module, how can I restrict the databases that each user can see and use?

By default the module will list all of the databases on your system on the main page, even if some are not actually usable by the logged-in user. To change this, follow these steps :

Login to Webmin on the same server, and enter the Usermin Configuration module.

Click on Usermin Module Configuration.

Click on MySQL Database in the list.

In the Database access control list field, remove the existing *: * line and enter one line per user, containing the username, a colon and

list of databases he is allowed to use. For example, you could enter :

A * in the database column means all databases, while a * in the username column means any user not listed so far.

Hit the Save button to activate the restrictions.

Follow these steps :

In the Perl Modules module of Webmin, install

In the PAM Authentication module, add a new PAM service called webmin that uses Unix authentication.

In the Webmin Users module, create a new user called something like unixer, with access to the modules that you want all your Unix users to have access to.

In each of the modules unixer has access to, change the module access control to give your users rights only to their own accounts. For example, in the Change Passwords module you should select Only this user for the Users whose passwords can be changed so that Unix users logging in can only change their own passwords.

Click on Configure Unix user authentication below the list of Webmin users and choose Allow any Unix user to login with permissions of user unixer.

Any Unix user should now be able to login to Webmin on your system.

Again, if your system does not use PAM the first two steps can be skipped, and Webmin will read /etc/passwd or /etc/shadow file directly to authenticate users.

Another alternative to doing all this is to install Usermin, which allows all Unix users to login and access only settings belonging to them, using a similar interface to Webmin.

Running Webmin from inetd?

The steps you need to follow are:

Stop webmin with the command

Add the line

Remove the line

Edit /etc/services and add a line like :

Edit /etc/inetd.conf and add a line like :

If you have installed webmin somewhere else, you will have to change the /usr/libexec/webmin part of the path above.

Restart inetd to make the changes take effect.

You should now be able to access webmin on port 10000 as normal.

Using the Bootup and Shutdown module, make sure that inetd is configured to start at boot time, and that webmin is not.

How can I make a Webmin user always use the same password as their shell login?

This can be done by following these steps :

In the Perl Modules module of Webmin.

install Authen::PAM from CPAN.

In the PAM Authentication module, add a new PAM service called webmin that uses Unix authentication.

In the Webmin Users module, click on the user that you want to symchronize with Unix and set his Password option to Unix Authentication.

If PAM is not used on your operating system, the first two steps can be skipped.

Webmin will instead read the /etc/passwd or /etc/shadow file directly to authenticate users who are using the Unix Authentication password mode.

My browser complains about the Webmin certificate when in SSL mode.

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority.

From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate.

Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized web browsers.

This certificate should be placed in the file

and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :

Run the command

This will create the file key.pem which is your private key.

Run the command

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use.

They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the file cert.pem.

Combine the private key and certificate with the command

Re-start webmin (making sure it is in SSL mode) to use the new key.