Usermin Configuration

You configure Usermin, perhaps paradoxically, from within Webmin. Clicking the Usermin Configuration icon under the Webmin tab displays a few rows of icons of Usermin options, which are very similar in form and function to those of the Webmin Configuration module (Figure 4-1). There are far fewer configurable options, of course, but because Usermin is based on the same web server framework as Webmin (miniserv.pl, specifically), it provides all of the same access control and security mechanisms.

Figure 4-1: Usermin Configuration index

Usermin Module Configuration

On first entering this module, all that is displayed is a page listing all of the Usermin modules that have configurable options. Clicking a module name will open a page that contains the configuration options for the selected module.

GnuPG Encryption

GnuPG (GNU Privacy Guard, or gpg for short) is a complete and Free Software implementation of the encryption standards originally provided by PGP (Pretty Good Privacy, a commercial product). It does not rely on the patent-encumbered IDEA algorithm, so it can be used with no restrictions for commercial or noncommercial purposes. GnuPG provides strong encryption and digital signatures of several types for email and files. Using GnuPG strong encryption, it is possible to send a private email with confidence that only the recipient can decrypt the message. Additionally, a message may be digitally signed, allowing confirmation of sender identity and verification of the contents of the message (i.e., it confirms that this actually is the message as it was composed by the sender and that it hasn’t been modified in some way during transit).

This module only has one configurable option, the keyserver which is used for sending and receiving key files. If you use GnuPG to confirm signatures, it is necessary to use central keyservers so that identities can be looked up in a centralized database. In this way, a web of trust can be woven between individuals who can confirm the identity of others. Because there is a large number of public keyservers available all over the world and they synchronize their data, it is a good idea to choose one near you.

Configurable Options for Mail Forwarding

Webmin and Usermin support a number of different mail transfer agents (MTAs), namely Sendmail, Postfix, and Qmail. This option should be set to the mail transfer agent that your server uses. Postfix is not listed as an option, however, because Postfix is entirely Sendmail-compatible from a user perspective. Simply select Sendmail if Postfix is the MTA, and everything will work as expected.

Configurable Options for Read Mail

The Usermin Read Mail module offers users a complete, if basic, web-based mail client. It allows the user to send and receive mail, as well as keep a simple address book and digitally sign or encrypt messages. For this module there are a number of configurable options, as shown in Figure 4-2 and Figure 4-3.

Figure 4-2: Configurable options for Read Mail

Figure 4-3: Default user preferences for Read Mail

Default hostname for From: addresses

This is the host name that will be included in the mail headers in the From field. If you wish all mail from your domain to be addressed from just the domain name (rather than, for example, mail.domain.com) you may enter it here. Entering domain.com will cause all mail sent from this machine using the Usermin mail client to appear to be from domain.com.

Allow editing of From: address

If Yes, the user can enter any address they choose in the From: field. If No, all mail will be marked as originating from the domain you chose in the previous option. It may be appropriate to permit this change if clients have their own domain names, or would like to primarily use another address and do not want to keep up with replies to another mailbox.

From: address mapping file

When hosting virtual domains, it may be useful to have the From: address set to the appropriate user@virtualdomain.com address rather than that of the real username and the domain of the system. This option sets Usermin to choose the correct address from a domain mapping file, usually the generics table.

Mail storage format

Like that of the Mail Forwarding configuration above, this selection should match that of the MTA that is running on your server. You can choose Sendmail style single file if Postfix is the installed MTA.

Sendmail mail file location

Here you select the location of your mail storage directories. This is usually located in /var/spool/mail, and another common option is to deliver it to the user’s home directory into mbox. This depends on the configuration of your mail delivery system (which may or may not actually be Sendmail). Postfix can use Sendmail-compatible mail delivery options and so requires no special configuration here.

Sendmail file in home directory

If mail is stored in the user’s home directory, specify the file name for the inbox here. Often this is mbox, but some mail servers or mail clients may choose something different. Often the inbox is not in the user’s home directory at all, and so this option isn’t always necessary.

Qmail or MH directory location

If using Qmail or MH, specify the location of the system mail storage directory here. Qmail and MH use custom mail storage formats that are implemented as one-mail-per-file, as opposed to the traditional mbox format, which puts all emails into a single file. This is thought by some administrators and developers to provide better performance and better reliability.

Qmail or MH directory in home directory

If mail is stored in the user’s home directory rather than in the system mail spool directory, you may specify the location here. Often, this will be the Maildir directory, though it could be something else.

Mail subdirectory style

Some mail delivery agents allow the mail spool directory to be divided into multiple subdirectories in order to ease management and accommodate limitations of some UNIX filesystems. If your delivery agent does not deliver all mail to a single mail spool directory, and instead delivers to users spread across many subdirectories, you may configure that here.

POP3 or IMAP server name

In addition to reading local mail, Usermin can retrieve email from a POP3 or IMAP server. If your mail spool is located on a remote server, you can specify it here.

Send mail via connection to

Selects how Usermin will send mail. It can be sent to any local mail transport agent or a remote SMTP server. By default this is the sendmail executable, but several alternatives exist.

Sendmail command

The location of your MTA executable. This is the command that will be called when Usermin sends mail, unless configured to send via a remote SMTP server.

Allow attaching of server-side files?

This allows users to attach files that are located on the local machine (on which Usermin is running). This could potentially be a minor security risk, because the user could then attach any file for which they have read permissions. This setting applies to all users, and is not configurable by the user.

Minimum mail file size to index

For performance reasons, Usermin can be configured to create an index file of email in a user’s mailbox. It is usually unnecessary unless the mailbox is rather large, so you may configure the minimum size of a mailbox that Usermin will index.

Global address book file

Usermin provides a simple address book for users to store email addresses. If specified here, a global address book can be created that can be shared among all Usermin users on the system. This can be useful for companies that have a lot of employees, and require frequent email interactions.

The lower portion of the Read Mail page (Figure 4-3) is devoted to configuring the default user preferences for the module.

Users can edit preferences

If you would like to prevent users from modifying their preferences for the Read Mail module, you may specify No here. By default, the user will have the preferences you specify here, but they can change any of them. Some options, like line-wrap widths and number of mail messages to display at once, allow changes that would make the mail client more suitable for different environments, such as palm-sized access devices. Others are merely matters of personal preference.

Mail messages to display per page

This option is pretty much self-explanatory. You may choose to display more or fewer messages, which can be useful if clients use the web mail client on small display devices, where too many lines make browsing messages in the inbox cumbersome. You are configuring the system-wide default here. Users can alter this setting, and all of the following Read Mail display-related options, for their own account.

Width to wrap mail messages at

Again, your users may find this option useful for small displays, such as handheld computing devices. The default is 80 characters per line.

Show buttons at top for

Selects on which pages the Delete, Mark message as, and Forward buttons will be displayed at the top of the page. By default, these buttons appear at the top and bottom of the mailbox pages and only at the bottom on the view mail page. If large mails are common, your users may find it convenient to display buttons at the top of both. If your users don’t have a lot of screen real estate (such as with a palm-sized device, for example) you might not want to display buttons at the top of any page.

Show To: address in mailboxes?

This option allows you to select whether the mailbox page will display the To: field. It’s useful if a mailbox receives messages with different email addresses via mail aliases.

Don’t MIME encode messages if text only?

If set to Yes, messages that contain no binary files will not be MIME encoded. MIME encoding is a means to transmit data and text that falls outside of the 7-bit ASCII that is permitted in plain-text emails.

Mailboxes directory under home directory

Mail folders will be created by Usermin for storage of sent mail, drafts, and custom folders. These folders will be created in the user’s home directory within the subdirectory specified here.

Treat mailbox subdirectories as

If there exist other subdirectories within the directory specified above, Usermin can consider them as folders, or as subdirectories, as specified here.

Save sent mail

If selected, mail sent by users via the Read Mail module will be saved in a sent mail folder in the user’s home directory.

Automatically mark read messages

Messages that have been read will be marked with a check mark if this option is set to Yes.

Default folder file

This selects the folder that will be displayed when the user first opens the Read Mail module. By default this is the inbox for the user.

Show image attachments as thumbnails

If selected, and the appropriate libraries are available, image attachments will be displayed as thumbnails. Clicking the thumbnail will display the full-sized image.

Sort address book by

Address book entries can be sorted alphabetically by the real name or the email address, or they can be sorted chronologically by the order in which they have been added.

Include real name in From: address?

If available, the user’s real name can be included in the From field of messages being sent using the Read Mail module.

Character set for sent mail

MIME mail messages may contain characters from several character sets. This option specifies the default character set for sent mail. Locations with native languages other than English and the Romance languages may wish to change this to a different character set.

Ask for confirmation before deleting

This option configures the level of confirmation required when deleting emails and folders. If set to Yes, every delete request will have to be confirmed. If set to No, email deletions will not require confirmation.

Signature file

If specified, the user may have a signature file that will be automatically appended to every email composed. Traditionally, the file name for signature files is .signature in the user’s home directory, but any file name may be specified.

Running Processes

The Running Processes module in Usermin allows users to view all of the processes they are running. There are a couple of configurable options here.

Default process list style

The options correlate to the modes of the ps command. Therefore, it allows output forms, such as a process tree (where parent/child relationships are clear) as well as simpler process lists.

PS command output style

This option should match the OS on which Usermin is running, as it chooses how to parse the output of the ps command. However, if your system uses a custom variant of this command, you may need to modify this to an OS that provides a similar ps.

Cron Jobs

The Cron Jobs module allows users to create their own scheduled tasks to be performed automatically by the system at a specific time. The commands are performed with the permissions of the user that configured them.

Crontab Directory

This should be set to the directory where cron looks for its crontab files.

Command to read a user’s cron job

Some crontab versions may use slightly different command line options, or you may use a special-purpose wrapper for cron. Here you can select the command and options for reading a user’s crontab.

Command to edit a user’s cron job

Similar to the above Command to read a user’s cron job, except it configures the command to edit a user’s crontab.

Command to accept a user’s cron job on stdin

crontab can usually accept input from the standard input also, if the - pseudo-file name is given on the command line.

Command to delete a user’s cron jobs

This option sets the command Usermin will use to delete a user’s crontab entries.

Cron supports input to cron jobs

This option configures whether Usermin will provide a text entry box so that the user can provide data to the command being run via standard input. The command being run must accept data from standard input.

Path to Vixie-Cron system crontab file

This should be the path to your system-wide crontab. Generally, it would be /etc/crontab.

Path to extra cron files directory

Many systems make use of an extra cron directory for program specific cron jobs to execute when cron runs. This is likely /etc/cron.d.

run-parts command

The run-parts command is often run in the system crontab file, and is used to specify other directories to run at specified times. For example, on a Red Hat Linux system the crontab contains:

    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/

    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly

The previous example sets a few defaults in the cron environment and executes run-parts at a few specified times. Specifically, the contents of the /etc/cron.hourly directory are executed at one minute after every hour. run-parts is simply the program that processes the specified directory and executes all of the commands in it.
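
Because run-parts executes everything it finds in those directories as the user named in the crontab line (root in the example above), it is worth checking who can modify their contents. The following shell script is an added example, not part of the original book: it extracts the directories a system crontab passes to run-parts and lists anything in them that is group- or world-writable or not owned by the expected uid. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit the directories that a system
# crontab hands to run-parts. Everything in them runs as the crontab's user,
# so entries a non-root account can modify deserve attention.

# Print each directory passed to run-parts in a system crontab whose lines
# have the form: minute hour day month weekday user command [args...]
run_parts_dirs() {
    awk '!/^[ \t]*#/ {
        for (i = 7; i <= NF; i++)
            if ($i == "run-parts" || $i ~ /\/run-parts$/)
                for (j = i + 1; j <= NF; j++)
                    if ($j !~ /^-/) { print $j; break }
    }' "$1" | sort -u
}

# List directory $1 and its entries that are group- or world-writable, or not
# owned by uid $2 (default 0). -L tests symlink targets rather than the links.
audit_dir() {
    [ -d "$1" ] || { echo "MISSING $1"; return 0; }
    find -L "$1" -maxdepth 1 \
        \( -perm -0002 -o -perm -0020 -o ! -user "${2:-0}" \) -print
}

# Audit every run-parts directory named in crontab $1.
audit_crontab() {
    run_parts_dirs "$1" | while IFS= read -r dir; do
        audit_dir "$dir" "${2:-0}"
    done
}

# Constructed demo: a throwaway tree standing in for /etc, owned by whoever
# runs the script, with one deliberately world-writable hourly job.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -m 755 "$t/cron.hourly" "$t/cron.daily"
    for f in cron.hourly/rotate cron.hourly/cleanup cron.daily/backup; do
        printf '#!/bin/sh\n' > "$t/$f"; chmod 755 "$t/$f"
    done
    chmod 777 "$t/cron.hourly/cleanup"
    cat > "$t/crontab" <<EOF
SHELL=/bin/bash
MAILTO=root
# run-parts
01 * * * * root run-parts $t/cron.hourly
02 4 * * * root run-parts $t/cron.daily
22 4 * * 0 root run-parts $t/cron.weekly
EOF
    audit_crontab "$t/crontab" "$(id -u)" | sed "s|$t|<root>|"
    rm -rf "$t"
}

demo
```

On a real system, run `audit_crontab /etc/crontab` with the default uid of 0; any path it prints is a file or directory that root's cron will execute or read but that another account can change.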

Available Modules

Much like the Webmin module selection page, this page allows you to select which modules will be available to users. If, for example, you do not want users to have any direct filesystem access, you could disable the Command Shell, File Manager, and SSH/Telnet Login. The SSH Configuration and Login Script are then useless, so may be disabled as well.

When to Use Usermin

It has probably become quite clear that Usermin and Webmin are strikingly similar in many ways, and Usermin has very little that Webmin does not. So, why use it? Why not simply give everyone access to Webmin and simplify life for everyone? There is no way to answer that question fully without analyzing the environment in which the system is deployed. Under some circumstances, Usermin would be useless while requiring additional resources to install and run it. But in other circumstances, Usermin can be a valuable addition to an administrator’s toolkit.

Usermin is at its most useful when the server is being used by a large number of unprivileged users, and administration of those users needs to be simplified. Before Usermin, it was possible to grant users access to Webmin to read their mail, change passwords, and perform a few normal user functions, and that functionality is still there. One could use Webmin for the same purposes by constructing elaborate ACLs and groups and being careful to configure those new users with just those permissions. However, this leaves some room for administrator error, which could have dramatic consequences. Usermin, on the other hand, leaves no room for error. A Usermin user has the permissions of the user that is logged in and no more. The user can’t accidentally receive additional rights, and so a careful selection of available modules is not needed to ensure security and ease of use (because, let’s face it, many users can become quite confused by too many complicated options).

Another good use for Usermin is to provide an easy method for users who travel to read their mail and retrieve files from their own home directories. By providing a web interface to the local machine (and via network file servers, potentially all of a user’s data) telecommuters can do all of these things from any web-enabled device in the world. In other words, users can log in to the local network from an Internet cafe, an Internet kiosk at trade shows, or a wireless web device. Doing so requires no specialized software to be installed on the client system.

Another interesting use for Usermin would be in a shared-hosting environment, allowing users the ability to view their own directory, upload files via a web browser, edit many of the basic features of their shell account, read mail, and so forth. It wouldn’t be difficult to implement a few nifty extras such as running a web log analysis tool and allowing users to view the results from within Usermin.



The Book of Webmin... or How I Learned to Stop Worrying and Love UNIX
ISBN: 1886411921
EAN: 2147483647
Year: 2006
Pages: 142
Authors: Joe Cooper
