Comments on: YaST WEB Blogs and Ramblings of the openSUSE Members Fri, 06 Mar 2020 17:50:09 +0000 hourly 1 By: Stefan Schubert Wed, 25 Feb 2009 21:01:16 +0000 Yes, you are right there is a user management in Webmin. That was my fault.
BUT have a look to there homepage:
As far I have understood Webmin is still running with root privileges:

“Because Webmin still runs with full root privileges even when used by a restricted user, it still has access to all the configuration files and commands that it needs.”

Due that they are not really convinced about that concept:

“You must be very careful when granting access to un-trusted Webmin users though, as even a small mistake in the access control configuration may allow the user to edit arbitrary files on your system or run commands as root. All it takes is a small hole for an attacker to sneak through and take total control of your system. Webmin’s access control capabilities give you the power to lock down users, but only if used properly.”

So Webmin has the same problem as YaST: The complete application runs with root privileges. So from the security side this is horrible and will be not
useful for a server product. That’s why we have not gone that way in YaST and that’s the reason why YaST does not have a user management.

Since the combination of pam,policyKit and DBUS we have the chance to close that gap.

By: Lars Sat, 21 Feb 2009 00:41:13 +0000 > no user management and right access management.

Sorry, this is wrong since at least the year 2001. Webmin allows to define users and groups as known on Unix/Linux machines. These users/groups can get “acls” depending on the implementation in the used modules.

So – for example – it’s already possible with webmin to define a “usermanager” group, which is allowed to manage users on a machine, and add users to this group. It’s even possible to allow just to add users instead of deleting or modifying existing ones.

From this point of view, webmin is very useful for server products as it allows a fine granulary access management for each module (and even the submodules) – more useful than YaST in it’s current state.

By: Duncan Mac-Vicar P. Thu, 05 Feb 2009 23:05:17 +0000 Hi Christopher.

That is why there is a web service and a web client.

On the desktop side the need is not that big like in the appliance market. Your own router usually requires turning it on and accessing it via a web browser to setup the basic stuff. People running appliances expect more or less the same.

However, on the desktop side, having a web service allows applications, scripts and frontends to use simple http requests to get and set configuration (the web client is actually that, a very thin application doing http get’s and post’s to the service), while YaST retains all the business logic, and in a secure manner. This opens a new door to the community. You can use http from any language/platform out there.

By: Stefan Schubert Thu, 05 Feb 2009 09:12:55 +0000 subjective (which is discussable :-))
webmin is well a know administration tool for experts and NOT for “normal” users.
Additional, over the years I have gotten the impression that the devolopment of webmin
has lost “speed”. See comment of Rob.

webmin runs with “root” rights and cannot run with other user accounts. There is
no user management and right access management.
So, from the security side it is not useful for server products.

By: freyk Thu, 05 Feb 2009 07:01:33 +0000 Why not using webmin as a base for the works on this webbased yast?

By: Christopher M. Hobbs Wed, 04 Feb 2009 22:15:16 +0000 While I appreciate the development, I’m not sure how much I dig this idea. I like YaST as it stands, but I don’t see a huge need for YaST web services.

I suppose that as long as it doesn’t run on startup out of the box, it wouldn’t be a bad idea. It’s always good to give people options.

You’ve made some real progress here, keep up the great work!

By: Rob Wed, 04 Feb 2009 13:19:39 +0000 This is a horrible idea! Webmin has been around for years, but not become a de facto standard.

I really like fact that YaST will work with a terminal, and not require complicated client software like a web browser to function.

By: Duncan Mac-Vicar P. Tue, 03 Feb 2009 16:53:34 +0000 You don’t work in software development do you?

The YaST web service still reuses lot of knowledge encapsulated in the ycp modules. We are aiming for an evolution of YaST to the web world, an interoperable YaST.

By: Andrew Tue, 03 Feb 2009 13:46:35 +0000 How about getting rid of YaST altogether? I like that idea much better than this convoluted mess. Keep it simple, stupid.

By: Philip Tue, 03 Feb 2009 12:08:48 +0000 This looks really cool!