On Mon, 2006-02-06 at 10:34, Jim Perrin wrote:
Webmin scares me more from a security perspective (as do the others) mostly because I don't like the idea of a "one interface to rule them all" type of approach. There have been several privilege escalation type holes found in webmin, and if someone gets access to it they can do whatever they want to your system. I suppose the same is true for cpanel and plesk, although I dislike them for other reasons. Or it could be the fact that I'm firmly entrenched in the "Commandline Admin" camp with no intention of moving.
The same is true for ssh... And would you rather have a tool where problems have been found and fixed or where they haven't been found ...yet?
I've seen far too many "Admins" click a machine to death with lack of understanding. In fairness, they do this on the command line also with --force or --nodeps etc.. but in smaller numbers.
Webmin generally imposes a syntax sanity check before saving a change so you don't kill the server by omitting a quote somewhere, which is really the worst problem with command line administration.
If you want something more extreme in web-managed servers, look at SME server from www.contribs.org. The version currently in pre-release is based on centos 4.x and the fill-in-the form administration won't let you do it wrong. It's fairly safe to give remote office administrators the admin password to add and remove users even it they know nothing about normal system administration.