http://qa.mandrakesoft.com/show_bug.cgi?id=5902
Product: webmin Component: packaging Summary: Upgrade deletes user configuration + security prbs Product: webmin Version: 1.100-2mdk Platform: PC OS/Version: All Status: UNCONFIRMED Severity: critical Priority: P2 Component: packaging AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I started Webmin today and found that during the upgrade from MDK9 to 9.2rc2 ALL of the (MY) user configuration files for Webmin were deleted. It should not do that. ( In this case, those files were in /usr/libexec/webmin. The location /usr/libexec/webmin is where Webmin normally resides when upgraded/installed from the author's SF site. ) It took me hours, days, ... to reorganize the Webmin initial (index) display and remove unused program configurators(security risks). The installation process killed all of that work in a few seconds. Although it might be necessary to reset to default parameters during an upgrade to insure a working Webmin it is NOT necessary to delete all the config files that currently exist. Of special interest is that the upgrade-installation destroyed my configuration but it left all of the other files/dirs dangling in /usr/libexec/webmin. Since the end user can get upgrades to Webmin from the Author's SF site, I believe that the proper solution here is to change the default install location of webmin to /usr/libexec/webmin and only ln -s /usr/libexec/webmin /etc/webmin (if /etc/webmin must exist for some reason), and, of course, do NOT ever delete user configuration files during an upgrade; rename them if you must, but do NOT delete them! Please adjust the spec file to move any existing config files to <configName>.rpmbak (or something like that). Since MDK is changing (has changed?) to Webmin from Linuxconf as the main configurator in addition to the *drak* programs, it is _critical_ that installation be handled properly. [more] BTW, the work I had done was primarily to eliminate possible security risks that had been reported by the security scanner nessus. I just ran that scan again and now I have OVER 1000 lines of warnings and even a security "hole" listed in the report for Webmin. I'll attach a pic to illustrate the problem. IOW, the default webmin install includes many useless configurators(i.e., the corresponding programs are not installed). I suggest running nessus, taking a look at the output for webmin and adjusting the default install accordingly. (I also think Vincent needs to look at the nessus output for RC2 with webmin.) -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.