Submitted by pban02 on Mon, 07/20/2009 - 08:01 Pro Licensee
Use Case: I need to provide a number of developers access to a Virtualmin Virtual Server located at say proja.mydomain.net. They are programming in Drupal and need access to: - the shell via SSH - their project's MySQL database - their project's SVN repository and - their Drupal directories and files via Filezilla, Cyberduck or some such ftp or sftp client - the apache configurations for their virtual server
Question: What is the best way to go about this in Virtualmin / Webmin?
Status:
Closed (fixed)
Comments
Submitted by andreychek on Mon, 07/20/2009 - 09:36 Comment #1
I believe what direction you go with this comes down to how much access you wish to grant them.
Two thoughts come to mind with how to set them up:
You could simply add them all as users of the Virtual Server, granting them SSH and/or FTP access -- using the Virtualmin interface to grant them permissions to MySQL and SVN (which are options as you create the user in Edit Mail and FTP Users). They could then use .htaccess files to alter the Apache config -- and those .htaccess files could become part of the SVN repository.
If you'd like to grant them more control, you could add them as admins for this particular Virtual Server. You can do that from within Administrative Options -> Manage Extra Admins. That means they'd be allowed to do everything the Virtual Server owner can do.
Submitted by pban02 on Mon, 07/20/2009 - 11:30 Pro Licensee Comment #2
I used the "Edit Mail and FTP Users" menu in Virtualmin to add a user but couldn't find an option to add SSH logins.
Also this menu creates the users as name@proj.mydomain.com Is there a way to just name the user "name" without the @proj.mydomain.com?
TIA
Submitted by JamieCameron on Mon, 07/20/2009 - 12:05 Comment #3
By default there is no way to create a user with SSH access. However, you could change this as follows :
1) Go to System Customization -> Custom Shells, and select "Custom shells below".
2) In the row for the "/bin/sh" shell, select the "Mailbox" column, then click Save.
3) Go to Edit Mail and FTP Users, and click on "Add a website FTP access user". Set "Login permissions" to "Email, FTP and SSH", and grant access to any databases that you want.
Submitted by pban02 on Wed, 07/22/2009 - 04:31 Pro Licensee Comment #4
That worked - thanks. The users now all have nasty user names like pete@bla.example.com instead of just pete. Isn't there a template somewhere where one can correct this?
What if the same developers work on more than one virtual server? Is there a way to define the users in Webmin and enable them to some virtual servers and not others?
Submitted by JamieCameron on Thu, 07/23/2009 - 00:07 Comment #5
Each user is tied to a virtual server, which is why they have the domain name in their names .. so they would need separate logins for separate domains. If you want to shorten the name, you can manually rename the user at Webmin -> System -> Users and Groups though.
Submitted by jonkristian on Sun, 11/29/2009 - 01:01 Comment #6
This didn't work for me, I got this error: Failed to save custom shells : Exactly one shell must be the default for mailboxes
I want to either allow extra admins to have e-mail, or give more control to users. Any particular reason that there isn't just one user setup and ACL in general?
Submitted by JamieCameron on Sun, 11/29/2009 - 18:39 Comment #7
jonkristian - which page did you see this error on? That message should come only from the Custom Shells page ..
Submitted by jonkristian on Mon, 11/30/2009 - 08:12 Comment #8
System Customization -> Custom Shells , after pressing Save.
Submitted by JamieCameron on Mon, 11/30/2009 - 12:42 Comment #9
Custom Shells isn't the right place for this ..
Extra Admin accounts in Virtualmin cannot have email at all - they are totally separate from mailboxes. You can have a mailbox with the same login and password though.
Submitted by jonkristian on Sun, 12/06/2009 - 08:51 Comment #10
Are you reffering to my post #6 "I want to either allow extra admins to have e-mail, or give more control to users."
If that isn't the right place, then what is this issue about? All i want is to be able to give users access to e-mail, ftp, ssh.
If you are an administrator/reseller or whatever, when you create a user with you should be able to choose this, ssh access is quite usual for users and I also don't see the point with the extra admins, why not have one user screen, and select what this user should be allowed to do.
And in #5 You say that a user is tied to a site. But you can't have two users on different site's with the same username or password in any sane way:/ But that's another issue I've posted, so I won't bring this up in detail here.
Sorry if I sound a bit frustrated, but for every thing i need I seem to be crashing into a wall:/
Submitted by JamieCameron on Sun, 12/06/2009 - 12:23 Comment #11
Ok, if you just want to give additional users SSH access as well as FTP and email, the steps to follow are :
1) Login as root and go to System Customization -> Custom Shells, and select "Custom shells below"
2) For the shell /bin/bash, check the boxes in the Enabled? and Mailbox? columns, then click Save.
3) Any user can now go to Edit Mail and FTP Users, and create a new user. Under Other user permissions in the Login permission field, select "Email, FTP and SSH", then click Create.
Submitted by jonkristian on Sun, 12/06/2009 - 12:47 Comment #12
Ok, that worked, thanks:)
Submitted by JamieCameron on Sun, 12/06/2009 - 14:37 Comment #13
Great!
Submitted by pban02 on Sun, 12/06/2009 - 15:45 Pro Licensee Comment #14
I found a way to create a single Unix and Webmin user and give them permissons to access and do things in more than one virtual server:
Go to "Webmin -> Webmin Users" and make sure that at least one Webmin group exists. If not create one with no or absolutely minimal privileges. You can create as many Webmin groups as you like to control what kind of access to Webmin and Virtualmin you want to give your Webmin users. Note that every Virtualmin virtual server owner is a Webmin user with the appropriate permission.
Go to "Webmin -> Webmin Users -> Configure Unix user synchronization". Check the box "Create a Webmin user when a Unix user is created". Not sure whether it is a good idea to also check "Set password for new users to Unix authentication", but I did, to ensure that the password for SSH/Unix logins and Webmin is the same. Can someone confirm that this is necessary or otherwise? To make sure this will work, you should also
Go to "Webmin -> System -> Users and Groups" and create a new user - this is a Unix user. Select the shell to be /bin/bash (not really necessary, but do the new user a favour by doing this), and add the groupnames of the Virtual Servers you want to allow this user to work on to the "Secondary Groups" column. Set anything else that is appropriate.
Now you have to ensure that this new user will have the correct access permissions to the directories and files of a virtual server (whose group you added to the Secondary Groups of the user in the previous step). To e.g. give the user read and write access to a virtual server's files and directories, SSH to your server, preferably as root and and do a
"chmod -R ug+rw *"on that virtual server's home directory. To give read only access, use"chmod -R ug+rw *"etc.To allow an existing user to access a virtual server that was created after the user was created, don't forget to add the Virtual Server's unix group to the Secondary Group of the user.
Hope this helps some of you with similar use cases. It would be nice to have this as a Webmin or Virtualmin facility.
Submitted by Issues on Mon, 12/21/2009 - 01:21 Comment #15
Automatically closed -- issue fixed for 2 weeks with no activity.