Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Webmin under Apache:some perms&ownerships? [SOLVED][GAVE
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
petlab
Apprentice
Apprentice


Joined: 03 May 2004
Posts: 290
Location: Armpit, Oregon

PostPosted: Wed May 25, 2005 9:06 pm    Post subject: Webmin under Apache:some perms&ownerships? [SOLVED][GAVE Reply with quote

Question: What should be the ownership & perms for my directory /etc/webmin ? I am reading www.webmin.com/apache.html.

Details: I am running apache2 under apache:apache. I have added apache to its own group - I don't know if this was necessary, but I see that root is listed as a member of root, so...

I can access the site, which is in a dynamic virtual host. That part is pretty much working. However, I have run into the problem "can't access module.infos.cache" in the browser window. This file is under /etc/webmin.

Thanks in advance.

[EDIT] I am going to give up and run the miniserv.pl, but add port knocking to it


Last edited by petlab on Thu Jun 16, 2005 5:17 pm; edited 2 times in total
Back to top
View user's profile Send private message
msalerno
Veteran
Veteran


Joined: 17 Dec 2002
Posts: 1338
Location: Sweating in South Florida

PostPosted: Wed May 25, 2005 9:47 pm    Post subject: Reply with quote

What about the error logs? Is there anything in the apache error logs? It's usually a pretty good place to look for errors.
Back to top
View user's profile Send private message
petlab
Apprentice
Apprentice


Joined: 03 May 2004
Posts: 290
Location: Armpit, Oregon

PostPosted: Wed May 25, 2005 10:11 pm    Post subject: Reply with quote

Well, I am doing this remotely, so there are log entries under ssl_something_log:

Code:
ssl_request_log:

[25/May/2005:21:58:41 +0000] SSLv3 RC4-MD5 "GET / HTTP/1.1" 984
[25/May/2005:21:58:42 +0000] SSLv3 RC4-MD5 "GET /images/letters/69.gif HTTP/1.1" -
[25/May/2005:21:58:42 +0000] SSLv3 RC4-MD5 "GET /images/letters/114.gif HTTP/1.1" -
[25/May/2005:21:58:42 +0000] SSLv3 RC4-MD5 "GET /images/letters/111.gif HTTP/1.1" -


ssl_access_log:

-  [25/May/2005:21:58:41 +0000] "GET / HTTP/1.1" 200 984
-  [25/May/2005:21:58:42 +0000] "GET /images/letters/69.gif HTTP/1.1" 304 -
-  [25/May/2005:21:58:42 +0000] "GET /images/letters/114.gif HTTP/1.1" 304 -
-  [25/May/2005:21:58:42 +0000] "GET /images/letters/111.gif HTTP/1.1" 304 -

ssl_error_log:

[Wed May 25 21:58:42 2005] [info] Connection: Client IP: , Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[Wed May 25 21:58:42 2005] [info] Connection to child 5 closed with standard shutdown(server www..com:443, client )
[Wed May 25 21:58:42 2005] [info] Connection: Client IP: , Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[Wed May 25 21:58:42 2005] [info] Connection to child 1 closed with standard shutdown(server www..com:443, client )


These logs just show that I am getting the error page.

I think I need to find out which user/group is trying to access /etc/webmin/module.infos.cache. However, this isn't clear to me yet.

I want to find a log that tells me "hey, this user can't access module.infos.cache" but no luck so far. I know that the "programs" in /usr/libexec/webmin are to be set as root:root and 6755.
And I know that apache runs as apache:apache.

So, I will try adding apache to group root. HOWEVER, this seems like a BAD IDEA.

[EDIT] Yeah, adding it to group root didn't work.
Also, note that I can't get to it from inside, either. So it doesn't seem to be a ssl issue.
Back to top
View user's profile Send private message
petlab
Apprentice
Apprentice


Joined: 03 May 2004
Posts: 290
Location: Armpit, Oregon

PostPosted: Thu Jun 16, 2005 5:16 pm    Post subject: Reply with quote

So, what I did was just use the miniserv.pl (the standard way)

I access it thru some port, which I can change once in a while, and use SSL and password authentication. I used a really long password.

I haven't put in port knocking yet. I manually ssh in, open a firewall port, start webmin, and when I am finished,
I turn it back off, and close the port. Slow, but at least it is "safe" and I am getting to try out webmin.

HTH
_________________
Get Serious - Get JAWA CZ
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum