I’m a brand new user of webmin and virtualmin, as of yesterday. I’m also new to linux admnistration. The project I’m working on is a Drupal multisite and we have moved to a new host because our last host was resistant to using anything but cpanel/whm and we needed the greater capabilities of webmin and virtualmin. We’re running on debian.
We’re going to need to do a lot of the standard stuff (creating servers, et al) programmatically, and I have found the documentation for that. I need to use the command line programs, and the docs say that they are in /usr/libexec/webmin/virtual-server but there is no libexec directory under /usr. Is there some other place these might be (I did a ‘find’ and did not find them). I also entered ‘create-domain.pl --help’ in virtualmin’s command line shell, and it couldn’t find it. Do these need to be installed separately?
One related question about programmatic functions. As opposed to using the http requests from our web application, would it be more secure to store the key info in our database and run a script from cron that creates the command line by reading that key info from the database?
[code:1]I need to use the command line programs, and the docs say that they are in /usr/libexec/webmin/virtual-server[/code:1]
That particular path is specific to RedHat and CentOS.
On Debian or Ubuntu, that’s actually in “/usr/share/webmin/virtual-server”.
As opposed to using the http requests from our web application, would it be more secure to store the key info in our database and run a script from cron that creates the command line by reading that key info from the database?
If you’re asking, is it safer to store a key/password in a database rather than on the filesystem, my opinion is “maybe, but if so, only slightly”.
The problem is that to store a key/password in the database, your script still needs to be able to access the database. And to do that, you’ll end up storing the database password in your code somewhere, or in a file on the filesystem, or similar.
So now there may be an extra step to get at the info your hiding in the database, but it’s not a particularly difficult step for an attacker to make
My suggestion is that whatever you end up doing, make sure that password information is not world readable in the files you store it in.
And also make sure not to put literal passwords in the command line of a program, as commands and their arguments can be seen by other users on the system running a "ps auxw".
You should have a command "virtualmin" that just knows where the commands are. But, you want to leave off the .pl.
So:
virtualmin create-domain --help
Is the way to go.
Also, just running “virtualmin” with no options or with --help will hopefully guide you toward correct use of all of the available commands. We need to update the docs to reflect the ‘virtualmin’ wrapper command.
