For novice and intermediate administrators who may not yet be familiar with every feature of Linux, Webmin can be a huge time saver and take some of the guesswork out of error-prone tasks.
Traditionally, Linux system administrators have used command-line tools to do their jobs. These tools and commands are (mostly) usable across distributions, although some details vary from one system to another. They are, though, difficult to learn. An easier way to start is using GUI tools; however, these are unique to each Linux distribution, so if you switch from one to another, you’ll have to learn the configuration tools all over again.
A middle ground is provided by a package called Webmin, which is a Web-based system administration tool. With Webmin, you can administer almost any Linux system using the same point-and-click interface. In fact, Webmin can handle lots of non-Linux systems, too, including Solaris, FreeBSD, Mac OS X, and even Windows.
Why Use Webmin?
Webmin has several advantages over other administrative methods:
- It provides consistent GUI access, making it easy for novices to learn, and making it easy for experienced administrators to find obscure options.
- Its interface is consistent across distributions, simplifying the task of switching from one distribution to another or managing a network with multiple distributions — or even non-Linux systems!
- Its Web-based nature means that it’s possible to administer systems remotely via a Web browser. Furthermore, Webmin supports a clustering feature that enables you to administer multiple computers simultaneously, using a single command to (say) add a new user to a dozen computers.
Of course, each of these features is a double-edged sword; the simple and consistent interface can become a crutch, while remote Web-based administration can become a security risk. This last problem can be minimized by disabling Webmin’s remote access, as described shortly.
Overall, Webmin is best used by novice and intermediate administrators who must deal with multiple distributions or with both Linux and non-Linux Unix systems. Webmin provides access to the most common configuration options, but extremely advanced configuration features remain beyond its reach, so real experts may want to steer clear of Webmin, lest it muck up their delicately balanced system configurations. Another great Webmin asset is its clustering facilities, which are of potential interest to administrators of networks.
Installing Webmin
Unfortunately, some popular distributions don’t include Webmin in their standard package sets. Specifically, this is true of both Fedora and Ubuntu. (Mandriva does include Webmin, though.) The good news is that the main Webmin Web site includes Webmin packages in RPM, Debian package, and tarball format. I’ve tested the RPM package on a (rather elderly) Fedora 6 installation and the Debian package on an Ubuntu 7.10 system. Both installed without a hitch, although I did need to install a few dependencies on the Ubuntu system. (The apt-get tool made this easy.) The Webmin package in Mandriva 2008.0 installed fine, too.
The Supported Systems link on the Third-Party Modules link on the Webmin site for information on the available modules. These modules support unusual server packages, rare hardware, and so on. Theme modules also exist to change the appearance of the Webmin user interface. Before spending too much time perusing the available third-party modules, though, you should proceed with basic Webmin configuration. It’s possible you won’t need to install extra modules; but you should keep their availability in mind, in case you find that Webmin doesn’t support an important feature of your system “out of the box.”
Using Webmin
If you install an RPM or Debian package from the Webmin main site, chances are it will automatically start Webmin. At this point, the software is configured for access, so you can log in using any Web browser: Type https://localhost:10000, or substitute the computer’s hostname for localhost if you prefer. Note that Webmin uses secure HTTP (https://) rather than the more common unencrypted HTTP (http://), at least if SSL is available on your system. If you omit https:// from your URL or use http:// instead of https://, you’ll see a page that redirects you to the secure port.
Chances are your browser will complain about the self-signed certificate that Webmin uses. This is normal, and you shouldn’t be concerned about it; however, for the security-conscious, you can reconfigure Webmin to use a certificate from a Certificate Authority (CA), if you like — and if you’re willing to pay for such a certificate! Doing so will make it harder for an intruder to masquerade as your own Webmin installation. A more important security approach is to limit the systems that may access Webmin. I cover this topic shortly.
Once you accept the certificate, you’ll see a login page. Use root as the username and type your root password. (On some systems, such as Ubuntu in its default configuration, you can use an ordinary administrative user’s username and password.) The result will be the Webmin main page, as shown in Figure One. Note that Figure One depicts the default Webmin theme, as produced by the stock Webmin package from the Webmin site. If you use a Webmin package for your particular distribution, it may install another theme, which can radically alter the appearance of Webmin, although not its functionality.
Figure 1: The main Webmin page provides access to a variety of administrative areas
To use Webmin, select the subsystem you want to configure using the list to the left of the window. (With some themes, this list appears at the top of the window.) The main areas are:
Webmin — This area contains options for the Webmin server itself, such as the theme it uses and the users who may access it.
System — You set basic system configuration options in this area, such as the SysV scripts that run at startup, the filesystems that are mounted, and cron jobs that are run.
Servers — Most network servers can be configured in this area, so come here to adjust SSH, Samba, or other servers.
Networking — This area provides options to configure basic network settings, such as the network interface(s) you use and your firewall options. A few servers, such as NFS, are also configured in this area.
Hardware — You can adjust various hardware options, such as your boot loader, partitions, and printer drivers, in this area.
Cluster — Webmin provides the capability of managing multiple systems from one interface. I cover this topic in more detail shortly.
If you’re familiar with GUI system administration tools generally and with the nature of the system you want to administer, you should be able to figure out the details of how to use Webmin without too much trouble. To get you started, though, here’s an example of how to add a user via Webmin:
- Click the System area to reveal the System options.
- From the list of System options, click Users and Groups. You should see the Users and Groups page appear in the right pane of your browser.
- Click the Create a New User Link. Note that this link is not highlighted in any way, so you may need to search for it.
- In the Create a User page, enter the necessary information — most importantly the username and password. Webmin defaults to creating accounts in which logins are not permitted; you must change the radio button to “Normal Password” and type the password. Unfortunately, the page echoes the password for all to see, so it’s best to create an account with a “throwaway” password that will be changed immediately by the user.
- Click the “Create” button.
At this point, Webmin returns you to the Users and Groups page, which should be updated to show the new user. You can test the new account. If you created it as a test and not for a real user, remember to delete it. You can do this from the Users and Groups page by selecting the account in the tick box on the left of the table and then clicking the Delete Selected Users button. Webmin asks for confirmation, then deletes the account(s).
Other Webmin modules work in a similar way. As a general rule, Webmin provides a good set of options to handle basic and intermediate configuration of most subsystems; however, advanced features are not very well supported, so if you need to perform advanced configuration, you may need to drop down to the command line and use a text editor or text-mode configuration tools.
Adjusting Webmin Security Options
By default, Webmin functions using SSL security (if the appropriate support exists on the host computer), but it accepts logins from anybody. Although SSL security is good, the default open configuration is potentially risky, particularly if the system is exposed to the Internet or is run on a large and relatively insecure network (such as a college or corporate network, to which many people have access). To improve security, you should configure Webmin to be fussier about those to whom it grants access.
To begin, go to the Webmin Configuration area in the Webmin menu. Several modules in this area have security implications. The first of these is the IP Access Control module. The default setting in this module is for Webmin to accept access from any computer. To improve security, you should select the Only Allow From Selected Addresses option and enter the hostnames or IP addresses of the computers that should be allowed to access Webmin. For best security, enter 127.0.0.1 (the localhost address) as the one and only acceptable address; this will make Webmin accessible only to the computer on which it runs, and then only if you use localhost or 127.0.0.1 as its hostname in your Web browser. If you want to be able to remotely manage your computer, though, you may need to broaden this list to include the computer from which you normally access Webmin, or perhaps even an entire subnet or two. The more systems you include on this list, though, the less secure Webmin will be.
The second module you might want to adjust is the Ports and Addresses module. If you’re satisfied with localhost-only access to Webmin, you should configure the Bind to Address area to bind Webmin solely to 127.0.0.1. This action will prevent Webmin from even listening to external network ports, thus improving security. You could also obfuscate Webmin access by changing its port from the default 10000; however, this will have minimal impact at best. If you want to run Webmin on a router or other computer with multiple network interfaces, binding it to one interface via this system is probably wise. For instance, you’d probably bind Webmin to the internal network on a router, or you might bind it to the Ethernet port but not the Wi-Fi port on a laptop.
The Authentication module provides options related to usernames and passwords. Its defaults are sensible, so chances are you won’t need to change these options; however, it’s worth checking just to be sure. The Password Timeouts feature is particularly worth noting; be sure this feature is activated and set to block access from computers that attempt but fail to access the server; such failures could indicate a brute-force attempt to break into Webmin.
Finally, check the Start at Boot Time option, which appears after the list of modules. If this option is set to No, Webmin will not start automatically. This might be a useful configuration if you expect to need Webmin only rarely — you could configure the server to not run automatically, but then start it manually whenever you need it.
Managing Multiple Systems
When your network hosts multiple systems, one of the difficulties can be keeping those systems synchronized — installed software, user accounts, and so on can get out of sync between different computers. Although specialized tools to deal with these issues exist (such as using LDAP or Winbind to provide a centralized user account database), another option is to use Webmin. Specifically, the Cluster group of options enables you to set up and maintain users, software, cron jobs, and other features on a group of computers.
To begin, though, you must start with the Webmin Servers Index item in the Webmin area. On this page you can locate remote Webmin servers, either by broadcasting for them (which will locate servers on your own system’s subnet) or by performing a scan (which can find servers on remote subnets). Note that both methods rely on remote access to the server being enabled; you won’t be able to add a Webmin server to a cluster if you’ve configured it for localhost-only access. Once you’ve scanned for your remote servers, they should appear in the list at the top of the page. At this point, you should click the Edit link beneath each one in turn. I recommend you set the Server Type appropriately. You may also need to select the Login via Webmin with Username option and enter the username and password for remote administrative access. Click the Save button to save your changes.
With the remote Webmin servers registered, go to the Cluster area to perform cluster operations. You can create users, change user passwords, run individual commands, set up cron jobs, and so on. Many of these options require you to explicitly add the individual systems you want to manage from a list of recognized servers. Look for the Add Server button, but don’t just click it; note that you must first select the server you want to add via the selection button next to Add Server.
With the cluster operations working, you can greatly simplify many common system administration tasks on a network. Even without cluster operations or for a single isolated system, Webmin can be a time saver, particularly for novice and intermediate administrators who may not yet be familiar with every feature of Linux.
Comments on "Webmin: Integrated System Administration in the Browser"
Though not for everyone (some Linux Gurus frown at the using a GUI on a server), in my opinion Webmin takes a lot of the initial “fear factor” out of administering a Linux installation. I have to say that I found it indispensable in my journey into Linux administration.
Well its a great tool for newbie and also for experienced admins for saving time but one especially newbies shouldn’t completely depend on any GUI tool. Knowledge gives confidence and it lies in doing thing manually.
Webmin is a great concept. Pity that it looks like something out of the 90s.
Compared to administration in a Windows environment using Active Directory, Webmin looks positively archaic.
Until it undergoes a total overhaul of its GUI to make it look at least like a current Web 2.0 application, I cannot see any Windows administrators taking it seriously.
interoperate: aside from the grungy interface, do you think it’s missing some features or functions?
i ask because i use all sorts of admin tools (cisco/juniper/windows/linux/aix/mac/solaris/sys390/etc.) and i’m not sure what parts of ms system center or mmc & snap-ins benefit from xp/vista themes or (eventually) fluent.
frankly, i’ve been more impressed by powershell and the exchange mgmt shell for fast/reliable admin work.
I love Webmin and use it on every OS it will work on. If you’ve ever used Solaris, you’d really appreciate Webmin.
Its hard to remember which services and its parameters/arguments you have to administer a server and its Webmin who gives me the clues/guide to get them correctly configured.
But would rms come out as 100% clean? I have gdb-doc inalslted which is marked as non-free but maybe he doesn’t need to consult the manual.(otherwise I’m 1.1% of 1823)
Truthfully i think webmin is a great tool especially for beginners. But on a rather personal note, i stll prefer the old black terminal and green text command-line tools. they make me feel like am ‘actually doing something’
I have been using Virtualmin Professional (http://www.virtualmin.com) that has Webmin incorporated, to run my Linux box with CentOS. This supports the setting up of virtual domains as well as server administration and for someone like me who needs that bit of assurance from a GUI works just great. Jamie, the developer of Webmin offers some fabulous support and I have no regrets paying for Virtualmin Professional and using Webmin. Great stuff, and super easy to install with their install script, onto a simple OS installation. A lot of the stuff is setup by default, so administration is a breeze.
I’ve always been told to avoid Webmin as it’s very insecure, this was a few years ago. I had actually thought Webmin was EOL.
I too, am one of those “give me a shell, and I’ll administer the hell out of this box” type admins. Though, if you work with others less shell-zealous as yourself, this tool looks like it could come in handy.