Custom Changes from Command Line

One of my team is an old “command line junky” so he will be testing extensively the issue of to what extent custom changes made from the command line will be “picked up” by VirtualMin and what will not. This was one of the truly horrible things about PLESK…it was a mine field, so much so, it was like “Sorry, your hands are tied, don’t touch anything or you will break it.”

On the other hand I see no reason to go deliberately "breaking the dishes" if some things are better done from within VirtualMin/WebMin (one day I will find out the diff between those two), I will set a policy for the team:
"You can do this and this and this in terminal; but please do this and this and this from inside the control panel."

Here is an example: Yesterday I made a test site on the primary/shared IP and included a PostGreSQL dBase. "deva.hindu.org"

  1. My man was able to SSH in using the pass word I sent him by email BAD! Any password sent by email is compromised and if it SSH that’s worse. (I don’t want virtual server users to have SSH, I’ll need to dig around and find where to turn that off) He changed the password immediately for the user “deva” using the standard unix cmd “passwd”… now, will VirtualMin pick up this change? Will it also be changed for FTP? What about the PostGreSQL log in for the default database “deva”

  2. He’s the CEO of a big company in San Deigo (Cast and Crew) and does a lot of dBase stuff… again, all from the cmd line. If he configures the tables for the new dBase “deva” will VirtualMin see those? What if he makes a new DBase (as user “deva”) but with a different name, all from terminal. what happens? Or course we will soon find out, and he’s searching the server to see (and then follow as a model) any structural set up by VirtualMin, but I’m just airing this out here to see what wisdom you might offer.

Again those are specifics, but I’m also looking for a generalized (if possible) of what can and what should not be customized from the terminal. Maybe this is “too big” a question and we have to go at it one thing at a time (each “feature” or setting may be very different and need definition before we can talk about it.)

Thanks!

VirtualMin/WebMin (one day I will find out the diff between those two)

Webmin is a general purpose web-based system administration tool for UNIX and Linux systems. It has no hosting related functionality, beyond the basics of managing BIND, Apache, Postfix, etc. in a general sort of way–it has no conception of a “virtual server” with mailboxes and VirtualHosts and BIND zones and databases that are all related to one another. It is like hitting the command line, only a bit easier and more consistent across services–you don’t have to know the fiddly syntax of BIND configuration files, or what a directive is called in httpd.conf, but you do need to know your way around a UNIX/Linux system to be very productive with it.

Virtualmin means two things:

  1. A Webmin module that automates management of virtual hosting accounts (with mailboxes, VirtualHosts, BIND zones, databases, mailing lists, applications, etc.)

  2. A full stack of applications that provides all of the features of a virtual hosting system. This is kinda what folks mean when they talk about Virtualmin here in the forums (usually). They’re talking about everything…Webmin, Usermin (our webmail client, among other things), and Virtualmin (plus the Virtualmin Framed Theme which makes Virtualmin easier to use and more obvious in the UI), plus all of the services for web, DNS, database, mail, etc.

We are the developers of all of the *min products, and they all work together as a team to provide the most powerful and flexible (if sometimes overwhelmingly large) virtual hosting management system on the planet. We are aware of how intimidating this can seem when you first pick it up–and we are working to make it nicer, pretty much every day.

1) My man was able to SSH in using the pass word I sent him by email BAD! Any password sent by email is compromised and if it SSH that's worse. (I don't want virtual server users to have SSH, I'll need to dig around and find where to turn that off) He changed the password immediately for the user "deva" using the standard unix cmd "passwd"... now, will VirtualMin pick up this change? Will it also be changed for FTP? What about the PostGreSQL log in for the default database "deva"

Yes, yes, and no (PostgreSQL). We use system users, but postgresql does not…so if you don’t change it using a tool that syncs all of those up, they will not all be synced up. Passwords kind of need to be changed within Virtualmin (or manually changed in all of the necessary places, including databases). But, luckily, a lot of stuff, including Virtualmin/Webmin uses PAM or the local passwd/shadow file for authentication.

There is a command line tool for changing passwords (modify-user.pl with the --pass flag), but it only works for the root user. We will probably add a version that is usable by everyone from the command line eventually. It’s not a common request, however…most folks are content to do it in the GUI.

2) He's the CEO of a big company in San Deigo (Cast and Crew) and does a lot of dBase stuff.. again, all from the cmd line. If he configures the tables for the new dBase "deva" will VirtualMin see those? What if he makes a new DBase (as user "deva") but with a different name, all from terminal. what happens? Or course we will soon find out, and he's searching the server to see (and then follow as a model) any structural set up by VirtualMin, but I'm just airing this out here to see what wisdom you might offer.

Yes and no. I think.

Tables created by your user in databases created by Virtualmin will work fine. Databases created from the command line might not (I don’t mean they won’t work–I mean they might not show up when he does login to Virtualmin with his user account). I’m not sure off-hand, as there are some additional restrictions based on the privileges you’ve granted in Virtualmin which can’t be applied on the command line. So, Virtualmin certainly won’t choke on the existence of other databases, but it might not accommodate them in the UI as well as you’d like. If not, we can probably fix it.

Again those are specifics, but I'm also looking for a generalized (if possible) of what can and what should not be customized from the terminal. Maybe this is "too big" a question and we have to go at it one thing at a time (each "feature" or setting may be very different and need definition before we can talk about it.)

We take great pride in how well we deal with configuration files, as we are unique in actually parsing them and understanding them in almost every case. We don’t re-generate the files from templates (Server Templates might lead you to think so, but those are user created templates that are there to ease customization of the virtual server creation process–they do not cause the http.conf or named.conf to be wholesale replaced whenever a new virtual server is created).

So, the short answer is: You can do pretty much anything from the command line (except the two things you mentioned above!). :wink:

httpd.conf changes are safe

named.conf changes are safe

Postfix main.cf changes are safe

dovecot.conf changes are safe

Database work is safe, though database creation might slip through the cracks–it won’t break anything, but it might not be accessible to the user in the GUI until you grant them access. Tables and rows are completely safe and will appear in the UI immediately.

Changes to the per-user /etc files is usually safe (and provides a lot of flexibility for users that want custom PHP settings, for example)

If you realize where we’re coming from–an Open Source general purpose system administration tool designed for real system administrators (the guy with the beard that lives in the caves of the server room year-round and only comes out to yell about all the resource usage those rotten developers are imposing on “his” servers…Jamie and I are both of that stock…we use vi and we take our tools seriously), it’ll possibly make our philosophy more apparent. We are building GUI tools, but we view it as a bug if we can’t tweak our configuration files by hand sometimes. So, Webmin (and thus Virtualmin) respects file order and comments, and won’t touch any directives that it doesn’t understand. This takes a lot more work than what our competitors do (they mostly generate config files from templates with a few variables filled in), but we’ve got nearly eleven years worth of code backing us up to help out with the job, so we’re still going faster than they are. :wink: