Using another username for remote api instead of root

Submitted by ice on Thu, 05/23/2013 - 15:26

Hi guys,

I am asking if there is a way to use the remove api without using the root user and password.

Maybe a username like a reseller on cpanel? Is this possible and is there any documentation about this?

Thank you.

Status: 
Active

Comments

Submitted by JamieCameron on Thu, 05/23/2013 - 17:57

You can create an additional user who can call the Virtualmin API - however, that user will have access to all domains, rather than being limited like a reseller.

Would that work for you?

Submitted by ice on Thu, 05/23/2013 - 18:07

Hi Jamie,

How should I do this? Just I need to create a new unix account? This account must have root access? I will prefer that a non root user to be used for this. Is there a tutorial?

Also, is there a way to provide a remote API for domain owners?

For example I need to allow each domain owners to create email accounts on their domains only via remote API. Is this possible?

Thank you.

Submitted by andreychek on Thu, 05/23/2013 - 18:16

Users with access to the API need to have root access to your system. They would typically be system users.

It's not currently possible to grant API access to just one account, API access would be for all accounts.

It can be any system user -- what you could do is grant them sudo privileges.

Submitted by ice on Thu, 05/23/2013 - 19:42

So, if I will add a "temp" user and allow him to run /usr/sbin/virtualmin via sudo, how the command will be?

wget -O - --quiet --http-user=temp --http-passwd=pass --no-check-certificate 'https://ip:10000/virtual-server/remote.cgi?program=list-domains'

Where I will pass the sudo prefix to run the program?

Please notice that I will not use this locally.

Submitted by andreychek on Thu, 05/23/2013 - 19:49

You would need the user "temp" (in your example above) to have sudo privileges to execute all programs on your system as root.

It doesn't matter what user calls "wget", it's that the user that's logging into Virtualmin has to have root privileges on the system Virtualmin is running on.

Submitted by JamieCameron on Thu, 05/23/2013 - 21:40

Also, if you want to allow access to the remote API via HTTP, you can create an extra Webmin login as follows:

  1. Go to Webmin -> Webmin -> Webmin Users, and create a new user.
  2. In the "Available Webmin modules" section, select only "Virtualmin Virtual Servers"
  3. Create the user, then click on his name to edit again.
  4. In the "Permissions for all modules" section change "Can accept RPC calls?" to "Yes"

Submitted by ice on Fri, 05/24/2013 - 06:08

Thank you Jamie.

I will try it and let you know if I need any other help.

Have a great day!