[LON-CAPA-dev] webmin

Scott Harrison lon-capa-dev@mail.lon-capa.org
Thu, 28 Feb 2002 22:21:08 -0500 

Perhaps (in the spirit of the ultimate
configure-everything-in-the-universe)
webmin-istration can be:
* turned off
* only temporarily enabled when needed
* or launch/direct the webmin to do a ssh connection when
needed/applicable/sensitive

I lean toward the third option...
-Scott

Martin Siegert wrote:
> 
> On Thu, Feb 28, 2002 at 02:18:32PM -0500, Felicia Berryman wrote:
> 
> > On Thu, Feb 28, 2002 at 12:53:34PM -0500, Scott Harrison wrote:
> >
> > > Though the remote control can be used as a launch point for common
> > > tasks.  It could help to think of what these common tasks are...
> > >
> > > RPM updating
> > > Testing
> > > Status Reports
> > > Process handling
> > > Unix user management
> > > Cron job management
> > > Printer configuration
> > > Samba
> > > NFS
> > > Appletalk
> > > Time synchronization
> > > Disk usage monitoring
> >
> > Let's say we had to stop supporting the High School servers and their
> > administrators had to take over and continue maintaining things just as
> > they are now.  IF this is the case, then I think the following tools
> > would be best:
> >
> > RPM updating
> > Unix user management
> > Samba
> > Appletalk
> >
> > The other tools can be put on some advanced page (or just leave them out
> > for now).  I think the four things above would be very successful and
> > they we can worry about adding the others if needed.  I think the less
> > the better.  Yes, we want to help users, but if easy tools exist, such
> > as prittool and userconf, then I'm guessing it would be easier to set up
> > the default desktop of the RedHat/LON-CAPA install with shortcuts to
> > more advanced features.  My feeling is the less software to support, the
> > better.  Of course, you want to encourage frequent updates.  In that
> > case, the RPM updating through webmin is a great idea for that feature.
> >
> > Basically, I've been responding to most of your emails concerning the
> > administration interface because I see myself as taking over some of the
> > more tedious responsibilities, such as updating the software.  I'm
> > keeping in mind which things I access the most and which things I would
> > need help with to start out easily.
> >
> > The only other suggestion I can think of it to have nice way to control
> > backups and retrieving from backups.  I have the backup script for s10
> > and I have the instructions for retrieving a backup from s10 (I tested
> > it out a while back).  Actually, backing it up is much more important
> > than retrieval.  If a rare circumstance occurs and a backup needs to be
> > retrieved, it might work best by leaving this as an advanced feature on
> > the desktop.
> 
> Just my 0.02 cents (CDN):
> 
> I must admit that the thought alone to do system administration that requires
> root access over the web makes me shudder.
> You open up a huge can of worms. All of the sudden not only programs that
> are suid root and daemons that run as root can results in a root exploit
> but bugs in your web server (how many of you have fixed php already?)
> and even more importantly in your web browser (IE?) become relevant as well.
> 
> There is nothing wrong with doing the diagnostics over the web (sufficiently
> protected by .htpasswd, .htaccess - you don't wont to tell everybody
> which version of what software you are running; they find a lot
> of that information without your help anyway), e.g., list rpm packages
> that need to be upgraded. But then do the upgrade the old fashion way:
> ssh into the box, sudo (or su), rpm -Fvh ...
> 
> Cheers,
> Martin
> 
> ========================================================================
> Martin Siegert
> Academic Computing Services                        phone: (604) 291-4691
> Simon Fraser University                            fax:   (604) 291-4242
> Burnaby, British Columbia                          email: siegert@sfu.ca
> Canada  V5A 1S6
> ========================================================================
> _______________________________________________
> LON-CAPA-dev mailing list
> LON-CAPA-dev@mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-dev

-- 
Scott Harrison -- Graduate Student
Microbiology and Molecular Genetics
Mich. State. Univ., East Lansing, MI
harris41@msu.edu, 517-353-0998