Cover V12, I10


Managing Services with Webmin

Keith Pettit

Learning and maintaining all the text files for the services available in Unix is a daunting task for systems administrators, so an admin tool that can help manage those services is essential for your toolkit. Enter Webmin -- Webmin is a modular Web-based configuration tool that allows you to configure just about every service available on Unix. Webmin was first released by James Cameron in 1997. James needed a way to let less-experienced users add DNS records to the zone files through a Web interface at his company. After James wrote his first simple program, he thought that a Web browser could be used to manage other things as well, and Webmin grew from there.

Most distributions come with their own set of configuration tools like redhat-config, YaST, or various command-line tools. But if you have multiple systems to maintain, different configuration tools on the systems can be more of a hindrance than a help. Webmin works on 40+ distributions (including Red Hat, SuSE, Sun, Mac OSX, Mandrake, UnitedLinux, and FreeBSD), which means you can use the one tool to administer different Unix flavors. Webmin is distributed under the BSD license, so it can be freely distributed and modified for commercial and non-commercial use.

One advantage to using Webmin is it's Web-based, so you just need a browser that can handle HTML and tables. (The command-line jockeys can use lynx.) There are a couple modules (such as the File Manager and SSH client) that use Java, so for those you need a browser that can handle Java. See Figure 1.

Webmin includes its own mini-Web server, which means you don't need to rely on Apache (although it can work with Apache) to administer your machines. You can run it on any port (it defaults to port 10000), and setting it up to use SSL is a breeze. You can also configure it to allow or deny access based on IP addresses. Webmin and its modules are written in Perl, except for a couple Java-based modules. (If you know Perl, there is also good documentation for creating your own modules.)

When I first started to learn Linux, it was hard to figure out how to configure all the different services. I spent quite a bit of time going through man pages, mailing lists, searching the Web, etc. When I was first introduced to Webmin, however, it gave me a great interface to point-and-click through the most common features. It dramatically cut down the time I needed to set up certain services. For example, I wanted to use MySQL, but had never used any SQL service before so I had to deal with that initial learning curve. With Webmin, I was able to click on the MySQL module and see what databases I had, create new ones, browse tables, stop/start/restart, add/edit/delete users, and so on.

Setting up Webmin

To see if your operating system is supported, check the list at: http://www.webmin.com/support.html. Next, download the latest version of Webmin from: http://www.webmin.com/download.html. You can choose from .tar.gz, rpms, and pkg files. For this article, I'll use the tar.gz version since that will work for most people.

After you have downloaded and extracted the file, run ./setup.sh. This script will ask a few questions such as where you want Webmin's config files, logs, Perl location, etc. The main thing to remember is the username and password, and port that you set up so you can log into the system later.

Using Webmin

When you first use Webmin, it's important to know some basics such as setting up SSL, upgrading Webmin, adding additional modules, and how to manage Unix users and users for other modules/services. The rest of this article will cover the basics necessary to run Webmin.

To log into Webmin, go to: http://localhost:10000 (if you're on the local machine) or http://domainname:10000. See Figure 2. Most machines will not have SSL turned on as a default (I'll cover SSL in the next section). Type in the username and password you used when setting up Webmin. If you installed the RPM version, you'll log in as root with your root password.

Webmin Configuration

When you first log into Webmin, listed at the top are seven sections for the major categories of Webmin modules: Webmin, System, Server, Networking, Hardware, Cluster, and Others. See Figure 3. The Webmin configuration category is like the control panel for Webmin, where you can upgrade, allow/deny access, add Webmin users, or set up SSL.

Turn on SSL

The first thing I like to do when I set up Webmin is turn on SSL. Webmin is a very powerful tool, and unless you have SSL turned on, it's easy for a hacker to sniff your password. Turning SSL on is easy -- on most systems, it's just a matter of installing the Perl Net::SSLeay module, then telling Webmin to use SSL. You can actually do all of this within Webmin by following these steps:

1. Log into Webmin.

2. Click on the "Others" tab.

3. Click on the "Perl Modules" module. See Figure 4.

4. On the top line "From CPAN, named", enter "Net::SSLeay".

5. Click the "install" button.

6. It will then download the Perl module and provide some options. In the drop-down menu, choose "Make and Install" then click "Continue with Install". Be sure to look through the installation dialog to see whether it was successful. (This has been tested with Red Hat 8 and SuSE 8.0 and 8.1. When I tried this with Red Hat 9.0, the Perl module failed to install, which is a known problem with Red Hat 9 and Perl.)

7. Click on the "Webmin" tab, "Webmin Configuration", then "SSL Encryption".

8. Click "Yes" on "Enable SSL if available", then "save".

9. This turns on SSL and redirects the browser to the https:// link for your site.
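To confirm the result of these steps from a shell, the following added example (not part of the original article or of Webmin) audits Webmin's miniserv.conf for SSL and for an IP allow/deny list. The function names and the sample files are constructed for illustration, and the usual location /etc/webmin/miniserv.conf is an assumption that depends on the config directory chosen in setup.sh.

```shell
#!/bin/sh
# Added example: audit a Webmin miniserv.conf for SSL and IP access control.

# conf_get FILE KEY: print the value of the last "KEY=value" line, if any.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_miniserv FILE: print findings; return 0 only when nothing failed.
audit_miniserv() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # ssl=1 means miniserv serves HTTPS; anything else is plain HTTP.
    if [ "$(conf_get "$conf" ssl)" != "1" ]; then
        echo "FAIL ssl: the login password crosses the network unencrypted"
        problems=$((problems + 1))
    fi
    # allow= / deny= hold the IP access control list; both empty means open.
    if [ -z "$(conf_get "$conf" allow)$(conf_get "$conf" deny)" ]; then
        echo "FAIL access: no allow/deny list, any address can reach the login"
        problems=$((problems + 1))
    fi
    echo "INFO port: $(conf_get "$conf" port)"
    [ "$problems" -eq 0 ]
}

# Constructed sample files, not copied from a real host.
demo_dir=$(mktemp -d)
printf 'port=10000\nssl=0\n' > "$demo_dir/weak.conf"
printf 'port=10000\nssl=1\nallow=127.0.0.1 192.168.1.0/255.255.255.0\n' \
    > "$demo_dir/hardened.conf"

audit_miniserv "$demo_dir/weak.conf" || true      # two FAIL lines
audit_miniserv "$demo_dir/hardened.conf" || true  # INFO line only
```

On a live system, call audit_miniserv with the path to the real miniserv.conf; a non-zero exit status makes it usable from a monitoring check.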

Upgrade Webmin

Webmin has a great feature that allows this Web application to update itself online, which makes updating Webmin trivial:

1. Select the "Webmin" tab, then "Webmin Configuration".

2. Be sure that "Latest version from www.webmin.com" is selected under the "Upgrade Webmin" section and that "Check GnuPG signature on package?" is selected, then click on "Upgrade Webmin". This will download and install the newest version of Webmin (if available).

3. Once the new version is installed, there will be a link that asks whether you want to update the Webmin modules. Click on the link and it will update or install the core modules from Webmin.

Add Third-Party Webmin Module

Third party modules for Webmin are listed at http://webmin.thirdpartymodules.com/. Webmin has a slick way to install these modules; all you need to do is get the link to the actual module and feed that into the "Webmin Modules" module, and it will download and install it.

1. Select the "Webmin" tab, then "Webmin Modules".

2. Click "From ftp or http URL", then paste in the URL to the .wbm Webmin Module file (for example, http://www.webmin.com/webmin/download/modules/vnc.wbm, which adds a vnc client Java applet. vncserver must be started for this applet to work.)

3. Then select "Install Module from File".

User Access

One of the great features of Webmin is the ability to add users. Since Webmin has its own user management system, you can create users that exist only in Webmin, or you can use system users. Webmin has some tools that will allow you to convert Unix/Linux users to Webmin users. Once the users are created, it defaults to use PAM for authentication, or it will use /etc/shadow if PAM isn't configured or available.

For this example, we want to create a "users" group within Webmin that has the ability to access Webmin's ssh client, which would give users the ability to log into Webmin and have ssh access to the server:

1. First, we must create a Webmin group to which we will add the Unix/Linux users. Select "Webmin", then "Webmin Users".

2. Next, click on "Create a new Webmin group".

3. For groupname, type "users" (or whatever group name you want), then select the modules to which this group will have access. In this example, we want users to have access to the "SSH/Telnet Login" module. Select that box and "Save".

4. We now have a couple options. You can click on "Create a new Webmin user" if you just want to add one user, or you can convert a Unix/Linux user. In this example, we want to allow a list of our system users to have access to the SSH/Telnet login. Select "Convert UNIX users to Webmin users".

5. You can now select all users, or specific users. For our example, we'll select specific users. Select "Only users" then click the box to the right of that field, which will pop up a list of your Unix users so you can specify the users who will have access, which should move them to the list on the right. Once completed, select the "Ok" button, which will populate the "Only users" field with a space-delimited list of the users.

6. Select the group from the "Assign new users to Webmin group" dropdown box. Check "Use same password as Unix user in future". (When a Webmin user is set to use the same password as Unix, Webmin will use PAM to validate the password if the Authen::PAM Perl module is installed, which will only work if a PAM service called "webmin" exists. However, if Authen::PAM is missing, Webmin will instead try to get the password directly from /etc/shadow, which generally works fine. Either way, a change of password with the passwd command will affect Webmin, too.)

7. Next, select the "Convert Now" button. This page will list all of your Unix users that are either being skipped or added to Webmin. The Webmin users will have access to whatever modules their group can access. But once the users are created, you can add additional modules.

Managing Users and Groups in Webmin

Webmin's "Users and Groups" module is very good. See Figure 5. It gives you every option you need, and then some. I've found that this module gives me more ability than both Red Hat's and SuSE's user management tools. It's important to set up this module in a consistent manner because most Unix distributions set up users and groups differently. Red Hat, for example, creates a new group for every user, but SuSE adds new users to the "users" group.

Configure "Users and Groups module"

1. Select the "System" tab, then "Users and Groups".

2. Next, select "Module Config".

Managing Users in Other Services

Webmin simplifies user management across different Unix applications with its "Users and Groups" module. For example, you may already have users added in Unix, but you must add the users and set their passwords for them to also access Samba. This can be annoying on a large system, but if you use Webmin's "Users and Groups" module, you can set it up to also add/edit/delete users in other services (such as MySQL, Postgres, Samba, and Apache). For example, in Samba:

1. Select the "Servers" tab, then "Samba Windows File Sharing".

2. Click on "Configure automatic Unix and Samba user synchronisation".

3. Check all the boxes, "Apply", and you're all set.

Note that this does not convert current Unix users, but only applies to new users. Also, you must use the Webmin "Users and Groups" module to add/edit/delete users for it to work.

Cool Webmin Modules I Can't Live Without

SSH/Telnet

Like the module name suggests, SSH/Telnet gives you a great little Telnet or SSH terminal via a Java Applet. Thus, when I travel and only have access to a hotel guest computer, I can go through Webmin and use this little applet. It does default to Telnet, and the size is usually too small for me, so to change these defaults:

1. Select the "Others" tab, "SSH/Telnet Login", then "Module Config".

2. Change "Connection type" to "Secure Shell".

3. Change "Applet size" to "Custom Size".

File Manager

File manager provides the ability to view and sort files and folders, edit files, upload, delete, copy, paste, link, find, etc. It's a great tool if you prefer a GUI or just don't want to use the shell.

Disk and Network Filesystems

This module is a front end for /etc/fstab. See Figure 6. I sometimes have a hard time remembering the fstab syntax for mounting some types of filesystems (like an iso image or a Samba share). This module makes it a breeze. Here is a simple way to mount a Samba share through your fstab:

1. Select the "System" tab, then "Disk and Network Filesystems".

2. In the drop-down menu, select "Windows Networking Filesystem (smbfs)", then click "Add mount".

3. From there, just fill in the basic information. (Minimally, you need "Mounted As", "Server Name", and "Share Name".)

4. Select "Create", and you're done.

Scheduled Cron Jobs

Scheduled cronjobs is another module I use frequently because I forget the proper syntax. It's painful when you want to have a cronjob run once a day, but it runs once an hour because of the wrong syntax. This module fixed those problems for me. To create a new cronjob:

1. Select the "System" tab, then "Scheduled Cron Jobs".

2. Select "Create a new scheduled cron job".

3. As a minimum, you need to select "Execute cron jobs as", "Command", and all the times you want the job to run (you can multi-select) in "When to execute". See Figure 7.
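The once-a-day versus once-an-hour mistake described above can be caught before a job is saved. The following added example (not part of the original article or of Webmin) counts how many times per day a crontab entry fires from its minute and hour fields; the function names and sample entries are constructed, and the day-of-month, month and weekday fields are deliberately not evaluated.

```shell
#!/bin/sh
# Added example: count how often a crontab entry fires per day.

# cron_runs_per_day 'MIN HOUR DOM MON DOW command': print the number of
# minute x hour combinations per day. Handles *, N, A-B, */S, A-B/S and
# comma lists (a value repeated in a list is counted twice). The DOM, MON
# and DOW fields are not evaluated.
cron_runs_per_day() {
    printf '%s\n' "$1" | awk '
    function count(f, lo, hi,    n, parts, i, total, step, rng, a, b, p) {
        total = 0
        n = split(f, parts, ",")
        for (i = 1; i <= n; i++) {
            rng = parts[i]; step = 1
            p = index(rng, "/")
            if (p) { step = substr(rng, p + 1); rng = substr(rng, 1, p - 1) }
            p = index(rng, "-")
            if (rng == "*")  { a = lo; b = hi }
            else if (p)      { a = substr(rng, 1, p - 1); b = substr(rng, p + 1) }
            else             { a = rng; b = rng }
            total += int((b - a) / step) + 1
        }
        return total
    }
    { print count($1, 0, 59) * count($2, 0, 23) }'
}

# check_daily LINE: flag an entry meant to run once a day that does not.
check_daily() {
    runs=$(cron_runs_per_day "$1")
    if [ "$runs" -eq 1 ]; then
        echo "OK    1 run/day: $1"
    else
        echo "WRONG $runs runs/day: $1"
        return 1
    fi
}

# Constructed entries; /usr/local/bin/backup.sh is a placeholder command.
check_daily '0 * * * * /usr/local/bin/backup.sh' || true   # hourly: 24 runs
check_daily '* 2 * * * /usr/local/bin/backup.sh' || true   # 60 runs from 02:00
check_daily '0 2 * * * /usr/local/bin/backup.sh' || true   # daily at 02:00
```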

Conclusion

Webmin is a great tool for an admin's toolkit. It's free, open source, easy to use, and has a great community of support and development. However, I recommend that Webmin not be used unless SSL is turned on, and/or IP access control is limited. Good luck!

Resources

Webmin -- http://www.webmin.com

Webmin modules -- http://webmin.thirdpartymodules.com

Managing Linux Systems with Webmin by Jamie Cameron, Prentice Hall PTR; 1st edition (July 7, 2003)

Keith Pettit has worked with Linux for the past six years and is currently a systems administrator and freelance writer and contractor. He spends most of his time working with Linux, and on: http://www.setuplinux.com. Keith can be contacted at: keith@setuplinux.com.