Docstoc

webmin_apache

Document Sample
webmin_apache Powered By Docstoc
					Webmin and Apache                                                                        Page 1 of 4




                                                                                           Webmin V
                                                                                           Released:
                                                                                           Download

      Due to a security hole in Webmin, all users should upgrade to version 1.070

    Webmin and Apache


                           Webmin and Apache
   Webmin comes with a very simple webserver called miniserv.pl that is capable of doing
   all that is necessary for Webmin to run. However, it is not as fast or memory efficient as a
   well-developed server such as Apache. To use Apache instead of miniserv.pl, follow
   these steps :

      1. Create a new Apache virtual server with the document set to the directory where you
         installed Webmin, using a directive like DocumentRoot /usr/local/webmin-1.070.

      2. Configure Apache to treat all files with the .cgi extension as CGI programs, with the
         AddHandler cgi-script .cgi directive.

      3. Add index.cgi to the DirectoryIndex directive.

      4. Webmin CGI programs have their config directory passed to them in the
         WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG environment variables. For
         Apache to do this, you need to add the directives

         SetEnv   WEBMIN_CONFIG /etc/webmin
         SetEnv   WEBMIN_VAR /var/webmin
         SetEnv   SERVER_ROOT /usr/local/webmin-1.070
         SetEnv   MINISERV_CONFIG /etc/webmin/miniserv.conf

      5. Create a new <Directory> section for the root directory, like
         <Directory /usr/local/webmin-1.070>
         </Directory>

      6. Add the directive Options ExecCGI to the new <Directory> section.

      7. Password-protect the virtual server by putting directives like
         AuthName Webmin
         AuthType basic
         AuthUserFile /etc/webmin/htusers
         require valid-user
         Inside the <Directory> section. The file /etc/webmin/htusers       must contains users
         who match up with those in /etc/webmin/webmin.acl.

      8. Make all the Webmin programs owned by root and setuid with the commands
         chown -R root:root /usr/local/webmin-1.070
         chmod -R 6755 /usr/local/webmin-1.070




http://www.webmin.com/apache.html                                                          3/18/2003
Webmin and Apache                                                                          Page 2 of 4




      9. Add the -U flag to the perl line in all the Webmin scripts. This can be easily done
         with the following command run from the webmin-1.070 directory
         find . -name "*.cgi" -o -name "*.pl" | perl perlpath.pl
         "/usr/bin/perl -U" -
         This assumes that Perl is installed as /usr/bin/perl on your system.

    10. Configure Webmin to use the 'Default Webmin Theme', as Apache cannot support
        Webmin's theming system.

    11. Make sure that the setuid scripts cannot be run by other users on your system,
        by setting the permissions on /usr/local/webmin-1.070 to 700 and changing its
        ownership to the user your webserver runs as. Otherwise any user would be able
        to execute any command as root by running some of the scripts.

   You should now be able to start Apache and login to Webmin at whatever URL your
   Apache server is running on. Note that the Webmin Users and Webmin Configuration
   modules will not work, as they configure miniserv.pl and cannot deal with Apache.


   In Webmin versions 0.965 and above, it is possible to run Webmin under Apache in a
   subdirectory rather than at the top level of a virtual server. This means that Webmin could
   be accessed at a URL like http://www.yourdomain.com/webmin/ . The steps to take to set
   this up are :

      1. Create a new Alias that maps some URL path like /webmin to the directory where
         Webmin is installed, such as /usr/local/webmin-1.070.

      2. Add the line webprefix=/webmin to /etc/webmin/config.

      3. Add a <Directory> section to Apache for /usr/local/webmin-1.070.

      4. In the directory section, configure Apache to treat all files with the .cgi extension as
         CGI programs, with the AddHandler cgi-script .cgi directive.

      5. Add the directives DirectoryIndex index.cgi and Options ExecCGI to the
         directory section.

      6. Webmin CGI programs have their config directory passed to them in the
         WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG environment variables. For
         Apache to do this, you need to add the directives

         SetEnv   WEBMIN_CONFIG /etc/webmin
         SetEnv   WEBMIN_VAR /var/webmin
         SetEnv   SERVER_ROOT /usr/local/webmin-1.070
         SetEnv   MINISERV_CONFIG /etc/webmin/miniserv.conf

      7. Password-protect the virtual server by putting directives like AuthName Webmin
         AuthType basic
         AuthUserFile /etc/webmin/htusers
         require valid-user
         Inside the <Directory> section. The file /etc/webmin/htusers        must contains users
         who match up with those in /etc/webmin/webmin.acl.

      8. Make all the Webmin programs owned by root and setuid with the commands




http://www.webmin.com/apache.html                                                           3/18/2003
Webmin and Apache                                                                        Page 3 of 4



         chown -R root:root /usr/local/webmin-1.070
         chmod -R 6755 /usr/local/webmin-1.070

      9. Add the -U flag to the perl line in all the Webmin scripts. This can be easily done
         with the following command run from the webmin-1.070 directory
         find . -name "*.cgi" -o -name "*.pl" | perl perlpath.pl
         "/usr/bin/perl -U" -
         This assumes that Perl is installed as /usr/bin/perl on your system.

    10. Configure Webmin to use the 'Default Webmin Theme', as Apache cannot support
        Webmin's theming system.

    11. Make sure that the setuid scripts cannot be run by other users on your system,
        by setting the permissions on /usr/local/webmin-1.070 to 700 and changing its
        ownership to the user your webserver runs as. Otherwise any user would be able
        to execute any command as root by running some of the scripts.


   Another way of setting up Apache without using setuid scripts is as follows. This option
   requires that Apache be re-compiled with the -DBIG_SECURITY_HOLE flag to run CGIs
   as root though ..

      1. Configure Apache to run as root, using the User root and Group root directives.

      2. Set the Apache document root to the directory where you installed Webmin, using the
         directive DocumentRoot /usr/local/webmin-1.070.

      3. Configure Apache to treat all files with the .cgi extension as CGI programs, with the
         AddHandler cgi-script .cgi directive.

      4. Add index.cgi to the DirectoryIndex directive.

      5. Webmin CGI programs have their config directory passed to them in the
         WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG environment variables. For
         Apache to do this, you need to add the directives SetEnv
         WEBMIN_CONFIG /etc/webmin and SetEnv WEBMIN_VAR /var/webmin.

         SetEnv SERVER_ROOT /usr/local/webmin-1.070
         SetEnv MINISERV_C0NFIG /etc/webmin/miniserv.conf.

      6. Configure Apache to use the Webmin users file with the directives AuthType basic,
         AuthUserFile /etc/webmin/miniserv.users, and require valid-user.

   You should now be able to start Apache and login to Webmin at whatever URL your
   Apache server is running on. Note that the Webmin Users and Webmin Configuration
   modules will not work, as they configure miniserv.pl and cannot deal with Apache.




       Return to index




http://www.webmin.com/apache.html                                                          3/18/2003
Webmin and Apache                   Page 4 of 4




http://www.webmin.com/apache.html    3/18/2003

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:2
posted:1/30/2013
language:English
pages:4