User's Little Helper
Usermin is a web-based solution to let users do various tasks using a web front-end instead of the command line interface. This is useful both for users unfamiliar with the CLI and for administrators who want to give only very limited access to a system. If you are familiar with the Webmin tool for server administration, you will recognize many features of the user interface.
Many modules are included in Usermin. They are grouped into four categories: Mail, Login, Applications and Others. In the Mail category you can read and write mail, set forwarding rules, edit Procmail and SpamAssassin filters and the like. Each entry provides both an easy-to-use web form and an option to manually edit the configuration files. The Login category provides access to SSH profiles and lets you change your password or run a command in a shell. In the Applications category you will find a front-end to GnuPG, client applications for MySQL and PostgreSQL and a powerful upload and download tool.
It is possible to disable some functions via ACLs in a configuration file. So if you only want to allow users to read their e-mails you don't need to give them access to controls that provide interactive access to the system.
Security is not a big problem for Usermin. If you limit a user's access to a specific resource you can be sure that the user has access to that resource and nothing more. Most commands are executed not as the user running the Usermin process but as the user that is logged in. A code audit by OS Reviews only found a denial of service attack that changes the shell of the root account to a nonsensical value. This can be achieved by calling the "Change User Details" menu and setting the user's shell to an empty value. The subsequent call to chsh changes the login shell of the root user instead of the user that is logged in. Using some well-known social engineering techniques (taken from Practical UNIX & Internet Security) it might even be possible to obtain root access.
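The failure described above, as an added shell example that is neither Usermin's code nor part of the original review. It assumes the chsh command line is built by interpolating the form value unquoted (the review does not say how the call is made) and sets a validated, quoted form beside it; the function names, the sample shell list and the user alice are constructed.

```shell
#!/bin/sh
# Added illustration; not Usermin code. Names and sample data are constructed.

# Constructed stand-in for /etc/shells so the example runs offline.
SAMPLE_SHELLS='# valid login shells
/bin/sh
/bin/bash
/usr/bin/zsh'

# Print each argument in brackets so dropped arguments are visible.
show_argv() { printf '[%s]' "$@"; printf '\n'; }

# ASSUMED vulnerable pattern: unquoted expansion of form input.
# An empty shell value vanishes during word splitting, the user name moves
# into the -s slot, and chsh, given no user name, acts on the calling account.
unsafe_argv() {
    u_shell=$1; u_user=$2
    # shellcheck disable=SC2086
    show_argv chsh -s $u_shell $u_user
}

# Hardened form: validate both values, then quote every expansion.
checked_argv() {
    c_shell=$1; c_user=$2; c_found=no
    case $c_user in
        ''|-*|*[!a-z0-9_-]*) echo 'reject: bad user name' >&2; return 1 ;;
    esac
    case $c_shell in
        /*) ;;  # absolute path required, which also excludes the empty value
        *) echo 'reject: shell must be an absolute path' >&2; return 1 ;;
    esac
    # Exact line-by-line match against the permitted login shells.
    while IFS= read -r c_line; do
        if [ "$c_line" = "$c_shell" ]; then c_found=yes; fi
    done <<EOF
$SAMPLE_SHELLS
EOF
    if [ "$c_found" != yes ]; then
        echo 'reject: shell not in allowed list' >&2; return 1
    fi
    show_argv chsh -s "$c_shell" "$c_user"
}

unsafe_argv '' alice              # the user name now sits in the -s slot
checked_argv '' alice || true     # rejected before any command is built
checked_argv /bin/bash alice      # explicit shell and explicit target user
```

In a real deployment the list would be read from /etc/shells and the validated values passed to chsh as separate arguments rather than through a shell string.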
The documentation for Usermin is virtually nonexistent. There is a chapter in the Webmin book that covers some aspects, but it is mainly focussed on the Webmin module for configuring Usermin. However, most of the configuration files are more or less self-explanatory. The actual web front-end offers a help text for some modules.
If the modules that come with Usermin don't satisfy your needs, you can write your own Perl modules to include additional features. The procedure for this is pretty straightforward.
Altogether, Usermin is quite useful both for helping users unfamiliar with the command line and for effectively restricting users to non-interactive access.
Copyright 2006–2008 OS Reviews. This document is available under the terms of the GNU Free Documentation License. See the licensing terms for further details.