Hi. Not sure how to handle this (or title this), but I've just started the process to add in a third physical server into my Cloudmin setup. I've currently had a Cloudmin master and another physical server managed great by that master for a long while. (Works so great.. thanks for Cloudmin/Virtualmin/AllOfItMin!)
The server's been running Ubuntu 10.04 and was installed clean as a Virtualmin system. I was adding Cloudmin to it using the automated script. Initially, I had some trouble since the server has a /boot partition that was full due to too many lingering kernels. I cleaned all that up and ran the script again. It's shown that it succeeded ("Cloudmin for physical systems has been successfully installed.")
So now, I'm trying to access Cloudmin on this server and the "Cloudmin" menu link on the left menu bar is not there. I've tried to access some functions directly and was finally treated to this message:
"Access denied : User paul is not allowed to use the Cloudmin (Physical Systems) module"
This happens to be the only user on the system, and the main administrator account I use. (Logging into Virtualmin on other systems works fine using users like that -- I don't have a "root", that I know of.)
I hope this is enough relevant info. I'm not finding any way to add permissions to the user, much less how to log in any differently so I'm using a "super admin" or whatever.
Thanks for any help! Paul
Comments
Submitted by andreychek on Fri, 08/24/2012 - 08:05 Comment #1
Howdy -- it sounds like you're saying you have Virtualmin on this system, is that correct?
When you log in as the user "paul", Virtualmin will show you your username on the top-left. Under that, does it say "Master Admin"?
One other thing you may want to try is to restart Webmin, which you can do with:
/etc/init.d/webmin restart
If that doesn't help, we can always try setting a root password to see if that allows you in (which you can do on the command line with "passwd root").
Jamie may have some additional thought on the specific cause of those permission issues, but the above questions should get us started in the meantime :-)
Submitted by paulhoza on Fri, 08/24/2012 - 14:59 Comment #2
Hi.
Yes, I'm using Virtualmin and I do see "Master admin" under "Login: paul" when on the Virtualmin panel. However, when on the Webmin side, it just says "Login: paul" without that next line below it. Maybe that's relevant?
On both the other systems I'm using, I see "Cloudmin master admin" under the login name in both the Cloudmin and Webmin sections of the left menu.
Also, I have indeed restarted Webmin several times. Here's the output on the command line after running the command:
paul@fafnir:~$ sudo /etc/init.d/webmin restartStopping Webmin server in /usr/share/webmin
Starting Webmin server in /usr/share/webmin
Pre-loaded virtual-server/virtual-server-lib-funcs.pl in virtual_server
Pre-loaded virtual-server/feature-unix.pl in virtual_server
Pre-loaded virtual-server/feature-dir.pl in virtual_server
Pre-loaded virtual-server/feature-dns.pl in virtual_server
Pre-loaded virtual-server/feature-mail.pl in virtual_server
Pre-loaded virtual-server/feature-web.pl in virtual_server
Pre-loaded virtual-server/feature-webalizer.pl in virtual_server
Pre-loaded virtual-server/feature-ssl.pl in virtual_server
Pre-loaded virtual-server/feature-logrotate.pl in virtual_server
Pre-loaded virtual-server/feature-mysql.pl in virtual_server
Pre-loaded virtual-server/feature-postgres.pl in virtual_server
Pre-loaded virtual-server/feature-ftp.pl in virtual_server
Pre-loaded virtual-server/feature-spam.pl in virtual_server
Pre-loaded virtual-server/feature-virus.pl in virtual_server
Pre-loaded virtual-server/feature-webmin.pl in virtual_server
Pre-loaded virtual-server/feature-virt.pl in virtual_server
Pre-loaded virtual-server/feature-virt6.pl in virtual_server
Pre-loaded server-manager/server-manager-lib-funcs.pl in server_manager
Pre-loaded WebminCore
Submitted by JamieCameron on Fri, 08/24/2012 - 16:06 Comment #3
I assume
paulis your master administrator login?If so, try editing the file
/etc/webmin/webmin.acland finding the line starting withpaul:, and addingserver-managerat the end.Submitted by paulhoza on Fri, 08/24/2012 - 16:16 Comment #4
Yay! Worked great. (changed that line and restarted Webmin, btw, just to be clear for people reading this later.)
There is also a "root" user that had the
server-managerbit at the end, BTW. I haven't used "root" at all with this server -- actually haven't been using root on any of my Ubuntu servers, so didn't accidentally succeed earier while using root.Thank you for your help!
Submitted by JamieCameron on Fri, 08/24/2012 - 16:24 Comment #5
Ok, that explains it - when a new module like Cloudmin is installed, it is granted only to the root user. So if you have a different admin login, he won't have access.
You can control which user gets new modules at Webmin -> Webmin Configuration -> Upgrade Webmin -> New module grants.
Submitted by paulhoza on Fri, 08/24/2012 - 16:26 Comment #6
Before I leave this thread, please tell me if I should be using
rootuser with a strong password, instead of having the other user as the server manager?If there's a "best practice" on this front, I'll be happy to switch things up. I was just going through the Virtual/Cloudmin docs and realized I missed the section on "Setting a root password" on this page: https://www.virtualmin.com/documentation/installation/automated
Thanks for the tip, if it turns out I'm not doing things as I should. I've been working on getting the SSH key access between the Cloudmin-managed servers working properly, but I haven't quite worked it out yet. I'm setting down to try another round of key-based access right now.
Thanks!!
Submitted by JamieCameron on Fri, 08/24/2012 - 16:30 Comment #7
It really doesn't matter what username you use - just make sure that the password is strong.
Using root is less confusing though.
Submitted by paulhoza on Fri, 08/24/2012 - 16:36 Comment #8
OK, thanks. Great explanations. I'm a little confused about why I had this problem surface on only one of the four servers I've been tinkering with, but I'm not going to dwell on that -- I have plenty of other work to do at the moment. :)
I do think I'll go back in and remove
server-managerfrom any non-root users and just cinch down security a tiny bit more. Maybe having fewer users (aka: only one) with full access is just one of those Good Ideas I should implement while I'm thinking of it.Again, thanks very much.
This thread is close-errific now. (I don't know if I should close it or always let you guys do such things. I need to RTFM of etiquette on issue queues from a user perspective.)
Submitted by JamieCameron on Fri, 08/24/2012 - 16:40 Comment #9
Cool .. I will mark this ticket as fixed
Submitted by Issues on Fri, 09/07/2012 - 16:46 Comment #10
Automatically closed -- issue fixed for 2 weeks with no activity.