On Fri, Mar 28, 2003 at 01:40:12PM -0500, Larry Brown wrote:
> This is kind of my point.  Webmin runs as root or at least executes commands
> as root.  With Webmin you have access granted or denied by use of a login
> mechanism.  I can use a login mechanism on apache to do the same granting or
> denial.  So why wouldn't I be able to get apache to do the same?  Is
> webmin's server more secure in some way than Apache?

This is an excellent question.  I can't give you an absolute answer but
I can say that, in general, smaller, specifically purposed software packages,
i.e. webmin, are usually much more secure than large, complex, general purpose
software packages, like Apache and php.  I am not condemning Apache or PHP
in any way, just recognizing what is true in general about all software.

I know both apache and PHP have had security vulnerability exploits announced
in the past.  I can't recall any for Webmin.

> webmin's server more secure in some way than Apache.  The problem I have
> with Webmin is that I write most of my code in php which is not supported by
> Webmin (or at least last I checked) and I'd rather use Apache.  My ultimate
> goal is of making system changes to affect modifications to IPSEC from
> FreeS/WAN.  This requires that I restart the network service, then turn ip
> forwarding back on afterwards, and then restart the ipsec service which all
> point to running apache as root.  (or writing everything in perl and using
> Webmin)

You should be able to do this with a cgi-script and the sudo command.
See "man sudo".  Another option is to kick off a script/command from

-- 
Jeff Kinz, Open-PC, Emergent Research,  Hudson, MA.  [EMAIL PROTECTED]
copyright 2003.  Use is restricted. Any use is an 
acceptance of the offer at http://www.kinz.org/policy.html.
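
The CGI-script-plus-sudo approach suggested above, as an added example that is not part of the original message: Apache stays unprivileged and sudo grants root for one fixed helper only. The helper path, the sudoers file name, the web server user "apache" and the admin login "larry" are assumptions made for illustration.

```shell
#!/bin/sh
# CGI front end, run by Apache as its unprivileged user (assumed: "apache").
# Apache itself never runs as root; only the helper below does, via sudo.
#
# Assumed sudoers entry (install with: visudo -f /etc/sudoers.d/ipsec-web):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/ipsec-reload ""
# The trailing "" makes sudo refuse the helper if any argument is given.
#
# Assumed helper /usr/local/sbin/ipsec-reload (root:root, mode 0755):
#   #!/bin/sh
#   service network restart &&
#   echo 1 > /proc/sys/net/ipv4/ip_forward &&
#   service ipsec restart

HELPER=/usr/local/sbin/ipsec-reload   # hypothetical path
ADMINS="larry"                        # constructed allowlist of Apache logins

# Succeed only for a POST from an authenticated, allowlisted user.
authorize() {   # $1 = REQUEST_METHOD, $2 = REMOTE_USER (set by Apache auth)
    [ "$1" = "POST" ] || return 1
    [ -n "$2" ] || return 1
    for u in $ADMINS; do
        [ "$u" = "$2" ] && return 0
    done
    return 1
}

# Emit the CGI response. No request data reaches the sudo command line.
handle() {
    if ! authorize "$1" "$2"; then
        printf 'Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\ndenied\n'
        return 0
    fi
    printf 'Content-Type: text/plain\r\n\r\n'
    if sudo -n "$HELPER" >/dev/null 2>&1; then
        echo "ipsec reloaded"
    else
        echo "reload failed"
    fi
}

# Run only when invoked by a web server (CGI sets GATEWAY_INTERFACE).
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    handle "${REQUEST_METHOD:-}" "${REMOTE_USER:-}"
fi
```

The helper must be writable only by root, since anything the web server user can modify there runs with root privileges.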


