Linux can have a somewhat split personality. If you use it as a desktop OS, it has a lot of GUI tools, although sometimes you still need to access the command line. If you use it as a headless server, though, you probably ought to know your way around the command line pretty well. This is especially true if you don’t want to litter up your hard drive (and CPU) with X servers and other peculiarities of the graphical user interface.
Personally, I like the command line, but I am realistic enough to know that not everyone shares that feeling. I’ll also admit that for some tasks — especially those you don’t do very often — it is nice to have some helpful buttons and menus. There are several administration tools that you might be interested in using to handle administration tasks on your Linux machines. I’m going to look at two of them you might want to experiment with that both use a Web browser to provide their interface.
Why two? Well, first, it is certainly in the Linux tradition that there is more than one way to do any particular thing. On top of that — again, sort of a Linux tradition — each tool has its plusses and minuses. The Webmin tool has a huge number of plugins to manage lots and lots of different things. However, Cockpit is more modern and, assuming it supports what you need, probably more usable.
Disclaimer
Oh, and just to get it out of the way. Yes, there are some people who think tools like this are an abomination. I think it depends on your goals. If you are administering a highly-secure server for a giant corporation, maybe these tools shouldn’t be your first stop. As I mentioned, I don’t mind the command line, but I do use Webmin only because it provides Usermin which lets me provide a GUI to my friends who have accounts on my machine so they can do basic administration tasks related to their accounts. I’ve found Cockpit’s system monitoring to be nice even though I don’t do much in the way of changes using the system.
Even if you like using tools like this you really should get comfortable with the command line, at least for common tasks. One interesting tidbit though. Both tools allow you to launch a command line in your browser, at least to some extent.
Webmin
Webmin is probably not going to win any user interface awards. It is really a series of Perl modules that have a common user interface and share some infrastructure. The good news is that Webmin has an open interface and has been around long enough that if you want to manage some obscure piece of software, it is a fair bet that there is a Webmin module for that. You can also disable any modules you don’t want.
As I mentioned, you can also set up Usermin which allows ordinary users to do things via GUI. You can control what they can and can’t do, of course.
Despite being a little clunky, you can issue commands and even use an odd Web browser-based terminal. There are a few things that require Java, and that’s getting harder to find in modern Web browsers. However, most of these have alternatives (for example, there is an HTML file manager and a Java-based one).
Depending on the distribution you use, you can probably just install Webmin using your package manager. There are also plenty of tutorials for installing Webmin on the Raspberry Pi. You can always find the official release on the project’s web site.
Cockpit
Cockpit is from RedHat and is certainly the more modern looking tool. It has graphs and is very responsive. However, there’s just not the range of plugins available for it that you can get for Webmin. However, if you are using Docker, Cockpit has great integration for managing containers.
As you can see below, you can connect to one machine and then have it connect to other machines and monitor them all at one time. The figure shows two boxes, but you can add many more.
Once you drill into a specific box, you have lots of management and monitoring options including access to a shell in the browser.
There are ARM backports of Cockpit available, so depending on the distribution you run your Pi on, you should be able to get it running easily.
Tip
To get the most out of Cockpit, you need to log in as root. However, many systems now don’t have a root password at all. When you log in, you can ask Cockpit to use your password to elevate privileges when necessary. If you don’t check the box, then doing some operations (notably adding a new server) will fail.
This sort of negates the idea of using sudo, to some degree. The whole idea is to force you to reauthenticate from time to time. If you let Cockpit provide your password to sudo, you aren’t really giving yourself that protection. I get the idea that if you don’t check the box, Cockpit should prompt you for a password just like sudo would. However, when adding a new server — at least — it doesn’t. It just fails.
The solution is to check the box when you log in to let it reuse your password. Just be aware that essentially makes using sudo for privileged access meaningless.
Security
You can, of course, change out the certificate. Let’s Encrypt is a good source for a “real” certificate at no cost.
However, opening up these interfaces to the outside world is pretty scary. After all, if someone does get it, they could do just about anything. You should consider changing the port numbers, using two-factor authentication (both tools support Google Authenticator), and, if possible, keep the tools listening only on your network and use VPN or an SSH tunnel to access it.
In Closing
Personally? I keep waiting for the whole WIMP (Windows/Icons/Mouse/Pointer) fad to die out leaving us to work on the command line as nature intended. However, that doesn’t seem like its going to happen until after the apocalypse. In all seriousness, for some obscure tasks, having some menu items and dialogs can be a great help. If you don’t do much administration, these tools can be great training wheels. And like I said earlier, Usermin is especially useful if you have users that are not Linux-savvy.
Besides, like it or not, Linux is about choice. I like KDE, but I’m glad people who want to use Cinnamon or other desktop environments have that option. For that matter, when I am running on a small machine, sometimes I’m glad to have other options, too.
Filed under: Hackaday Columns, linux hacks
No comments:
Post a Comment