[LON-CAPA-dev] webmin

Martin Siegert lon-capa-dev@mail.lon-capa.org
Thu, 28 Feb 2002 19:05:13 -0800 

On Thu, Feb 28, 2002 at 02:18:32PM -0500, Felicia Berryman wrote:

> On Thu, Feb 28, 2002 at 12:53:34PM -0500, Scott Harrison wrote:
>
> > Though the remote control can be used as a launch point for common
> > tasks.  It could help to think of what these common tasks are...
> > 
> > RPM updating
> > Testing
> > Status Reports
> > Process handling
> > Unix user management
> > Cron job management
> > Printer configuration
> > Samba
> > NFS
> > Appletalk
> > Time synchronization
> > Disk usage monitoring
> 
> Let's say we had to stop supporting the High School servers and their
> administrators had to take over and continue maintaining things just as
> they are now.  IF this is the case, then I think the following tools
> would be best:
> 
> RPM updating
> Unix user management
> Samba
> Appletalk
> 
> The other tools can be put on some advanced page (or just leave them out
> for now).  I think the four things above would be very successful and
> they we can worry about adding the others if needed.  I think the less
> the better.  Yes, we want to help users, but if easy tools exist, such
> as prittool and userconf, then I'm guessing it would be easier to set up
> the default desktop of the RedHat/LON-CAPA install with shortcuts to
> more advanced features.  My feeling is the less software to support, the
> better.  Of course, you want to encourage frequent updates.  In that
> case, the RPM updating through webmin is a great idea for that feature.
> 
> Basically, I've been responding to most of your emails concerning the
> administration interface because I see myself as taking over some of the
> more tedious responsibilities, such as updating the software.  I'm
> keeping in mind which things I access the most and which things I would
> need help with to start out easily.  
> 
> The only other suggestion I can think of it to have nice way to control
> backups and retrieving from backups.  I have the backup script for s10
> and I have the instructions for retrieving a backup from s10 (I tested
> it out a while back).  Actually, backing it up is much more important
> than retrieval.  If a rare circumstance occurs and a backup needs to be
> retrieved, it might work best by leaving this as an advanced feature on
> the desktop.

Just my 0.02 cents (CDN):

I must admit that the thought alone to do system administration that requires
root access over the web makes me shudder.
You open up a huge can of worms. All of the sudden not only programs that
are suid root and daemons that run as root can results in a root exploit
but bugs in your web server (how many of you have fixed php already?)
and even more importantly in your web browser (IE?) become relevant as well.

There is nothing wrong with doing the diagnostics over the web (sufficiently
protected by .htpasswd, .htaccess - you don't wont to tell everybody
which version of what software you are running; they find a lot
of that information without your help anyway), e.g., list rpm packages 
that need to be upgraded. But then do the upgrade the old fashion way:
ssh into the box, sudo (or su), rpm -Fvh ...

Cheers,
Martin

========================================================================
Martin Siegert
Academic Computing Services                        phone: (604) 291-4691
Simon Fraser University                            fax:   (604) 291-4242
Burnaby, British Columbia                          email: siegert@sfu.ca
Canada  V5A 1S6
========================================================================