Install via Webmin

18 posts / 0 new
Last post
#1 Thu, 05/15/2008 - 02:56
cus

Install via Webmin

Installed via http link and Webmin which was already running perfectly on my system (Debian 4).

Once I'd got Virtualmin installed I had to log out to get it to show in the Webmin Servers section then I activated it and set the user to root. Imported an existing virtual server test.mydomain.com and logged out as I wanted to see what effect switching the VS over to be handled by Virtualmin would have on what I could see in Webmin. Relogged in and found I've got almost no access to any part of Webmin any more... and it logs in by default to test.mydomain.com instead of mydomain.com even though the browser url is set to mydomain.com:10000!

Root user now only has access to a limited subset of Webmin (Change Language and Theme), System (change pass, run process, scheduled commands, schedule cron job), Servers (Apache and Virtual Email) and finally Other (File Manager, Protected Web Directories and SSH/Telnet).

I immediately thought about uninstalling it except I Googled and can't find anything to tell me how to do that and get my old Webmin features back. Read the uninstall hint here but it says it will uninstall Virtualmin, Webmin and Usermin and I don't want that.

Searched here and googled for info on how to set root user up so it had TOTAL access to EVERYTHING... can't find anything on that either.

I'm assuming the root.acl file plus something else manages all of this interaction between root user and Webmin with Virtualmin and that somewhere there is a way of fixing my problem... but I can't even find anything that describes each of the settings listed in root.acl...

So where do I go from here?... any pointers to help files, lists of settings etc gratefully received. Would deleting the root.acl file return control to the Webmin root user?

Thu, 05/15/2008 - 22:41
Joe
Joe's picture

Edit /etc/webmin/webmin.acl

Find the root: line, and replace with:

[code:1]root: backup-config change-user translator usermin virtualmin-notes server-manager webminlog webmin servers acl bacula-backup init passwd quota mount fsdump ldap-client ldap-useradmin logrotate mailcap mon pam proc at cron sentry software inittab desktop man syslog useradmin virtualmin-init security-updates virtualmin-awstats apache bind8 pserver dhcpd dovecot fetchmail frox jabber majordomo mysql openslp postfix postgresql proftpd procmail qmailadmin mailboxes sshd samba sendmail spam sarg squid virtualmin-google-analytics virtualmin-mailman virtualmin-svn virtual-server virtual-server-gpl wuftpd webalizer adsl-client bandwidth ipsec krb5 firewall exports nis net nettools pap ppp-client pptp-client pptp-server stunnel shorewall virtualmin-registrar idmapd filter burner grub raid lvm fdisk lpadmin smart-status time vgetty cluster-passwd cluster-copy cluster-cron cluster-shell cluster-software cluster-usermin cluster-useradmin cluster-webmin cfengine heartbeat shell custom extjs file tunnel phpini php-pear cpan htaccess-htpasswd ruby-gems telnet status updown virtualmin-dav virtualmin-htpasswd virtualmin-slavedns virtual-server-svn dfsadmin dnsadmin inetd ipfilter ipfw lilo smf syslog-ng xinetd virtualmin-oracle virtualmin-mysqluser virtualmin-signup exim ldap-server[/code:1]

Restart Webmin.

Don't specify root as the owner of virtual servers in the future (it makes no sense--root owns <i>everything</i> on the server.

But, you're not alone. It happens every couple of weeks...I thought it was impossible to do in recent versions, but I guess we haven't actually fixed it.

--

Check out the forum guidelines!

Thu, 05/15/2008 - 22:43 (Reply to #2)
Joe
Joe's picture

Oh, yeah...You'll also need to use the Webmin:Webmin Users module to re-grant &quot;root&quot; access to everything in the Virtualmin Virtual Servers module, the Apache module, the BIND module, and the MySQL and/or PostgreSQL module. Maybe also in the Read Mail module.

A virtual server owner is a pretty heavily restricted account type, and so it imposes a lot of restrictions in a lot of places if you convert root into such a user.

--

Check out the forum guidelines!

Fri, 05/16/2008 - 00:39 (Reply to #3)
cus

<b>Joe wrote:</b>
<div class='quote'>Edit /etc/webmin/webmin.acl
Restart Webmin.
</div>

[color=#000080]Thanks Joe!... that was easy enough, just a matter of knowing where to start and what to put in...

<div class='quote'>Don't specify root as the owner of virtual servers in the future (it makes no sense--root owns <i>everything</i> on the server.

But, you're not alone. It happens every couple of weeks...I thought it was impossible to do in recent versions, but I guess we haven't actually fixed it.</div>

Yes I see that now... however in explanation I should advise that when I'd installed Virtualmin and then went to import the test.mydomain.com site, &quot;root&quot; was automatically inserted into the Administrator name field (presumably because I was, at the time, logged into Webmin/Virtualmin as root) and, as we so often do these days, I left it there with out thinking about the consequences.

I found a hint on the web that indicated that if I granted root acl access only, via Webmin, ignoring the warning that root should not be altered as it was managed from Virtual Email, I would be able to log in and reset privs - it didn't actually work but as I had previously set up another user anyway I simply shelled in and set all that user's settings to &quot;1&quot; in the /virtual-server/username.acl file for that user and got back access to a large part of the administration menus, etc., and snooped around to see what I could change while waiting to see if anyone answered my post.

To date, I've still not found a way to change the Administrator and ownership of test.mydomain.com and root user is still &quot;managed&quot; by VirtualEmail Server... in fact I'm not seeing any reference to the Virtualmin Virtual Servers module mentioned in your second post and my &quot;other&quot; privileged user is still told root is managed by VirtualEmail and that it should not be edited in Webmin.

I'm still looking for a way to change the ownership of the test domain or a way to delete it completely and start from fresh... I've had a snoop around and noted both Webmin and Virtualmin have acl files for the three users on the system plus the webmin.acl file I've already edited. I've also noted that the acl files in Webmin contain the line [desc_virtual-server=Virtual Email] without the square brackets - does this need changing?

I'm running Debian 4, prior to installing Virtualmin GPL I upgraded to Webmin 1.410.[/color]

Fri, 05/16/2008 - 01:05 (Reply to #4)
Joe
Joe's picture

<div class='quote'>Yes I see that now... however in explanation I should advise that when I'd installed Virtualmin and then went to import the test.mydomain.com site, &quot;root&quot; was automatically inserted into the Administrator name field (presumably because I was, at the time, logged into Webmin/Virtualmin as root) and, as we so often do these days, I left it there with out thinking about the consequences.</div>

Your browser did that. It's not filled in, by default.

<div class='quote'>To date, I've still not found a way to change the Administrator and ownership of test.mydomain.com and root user is still &quot;managed&quot; by VirtualEmail Server... in fact I'm not seeing any reference to the Virtualmin Virtual Servers module mentioned in your second post and my &quot;other&quot; privileged user is still told root is managed by VirtualEmail and that it should not be edited in Webmin.</div>

Virtual Email is the highly restrictive version of Virtualmin--basically, it is Virtualmin Virtual Servers, but since in that mode you can only edit mail boxes, it changes its name to something somewhat more sensible. Kind of. This mode probably should not be the default permission granted to new virtual server owners, as it's rarely what people want...but it's kind of the &quot;least privilege&quot; path, and we assume people will all have different ideas about what else they want their virtual server owners to be able to do.

I'm not sure what else you would need to do, other than use the Webmin Users module to grant full access to all of the modules I listed above (are you <i>sure</i> you actually tried to use the Webmin Users module? I'm thinking you went to the System Users and Groups module...but I might be wrong).

--

Check out the forum guidelines!

Fri, 05/16/2008 - 01:41 (Reply to #5)
cus

Yes definitely using Webmin/Webmin/Webmin Users

root is there but I'm told its managed by VirtualEmail when I click on the root user... &quot;This Webmin user should not be edited as it is managed by the Virtual Email module. Click here to bypass this warning and edit the user anyway - but beware that any manual changes may be over-written!&quot;... my other user gets the full range of options showing up under Webmin Users [Webmin User access rights, User Interface Options, Security and Limits Options and Available Webmin Modules]

BTW how does one get access to a less restricted version of Virtualmin than the Virtual Email version? I don't recall being given any options to set up a less restricted version...

Thanks for all your help so far... I'm thinking it might be quicker to completely wipe my server and reinstall Debian etc and start with a totally clean slate... the time involved might work out to be less in the end... as usual I'm speaking from the position of a novice Virtualmin user....

Tue, 05/26/2009 - 10:37 (Reply to #6)
okayneil

ssh login has been killed for some reason. I cannot login to change anything. I think i need to reinstall right?

Tue, 05/26/2009 - 10:45 (Reply to #7)
andreychek

Hmm, I'm beginning to lose track of what the actual problem is, but if SSH is down, you can re-start it from within Virtualmin (in Webmin -&gt; System -&gt; Startup and Shutdown, then choose SSH, and click &quot;Start&quot;).

If Webmin isn't available either, then you'd probable require console access to the system to manually launch them from the command line.

But there's no reason to reinstall, those are all solvable problems.
-Eric

Tue, 05/26/2009 - 10:46 (Reply to #8)
Joe
Joe's picture

<div class='quote'>I think i need to reinstall right? </div>

Where does this &quot;something isn't working, let's reinstall&quot; instinct come from? That's crazy talk.

It's like saying, I dropped a french fry between the cushions. I think I need a new sofa, right? ;-)

If you have no other way to get access to the system as root (like the physical console), you would want to try rebooting first. That will probably bring ssh back up, and then you can login and correct the problems with Webmin.

--

Check out the forum guidelines!

Tue, 05/26/2009 - 11:10 (Reply to #9)
okayneil

yeah see I would do that if i had access to root in webmin, but i dont, i also dont have access to ssh.

I imported a virtual server by accident i must add, with the login root + the same password i used for the main root account = overwrote the full access account. I then took your advice Jow and tried to ssh in there, but for some reason ssh wont let me in with any password.

Miy sites are all still up and running, i just dont have access to anything :(

Tue, 05/26/2009 - 11:16 (Reply to #10)
Joe
Joe's picture

So have you tried rebooting? I'm sure if you have the ability to reinstall, you have the ability to reboot.

--

Check out the forum guidelines!

Tue, 05/26/2009 - 11:23 (Reply to #11)
okayneil

No i have no access to my server whatsoever. Thats the problem :(

I was going to call hosting guys and see if they could do something, reset password etc

Mon, 05/25/2009 - 07:44
okayneil

I have the same problem, but i cant find /etc in my file manager due to the limited access i have.

Any ideas?

Mon, 05/25/2009 - 07:52 (Reply to #13)
andreychek

Howdy,

So, what problem are you having exactly?

And, there's a Java file manager within Virtualmin that you can use (it's a webmin module), that you can use to access /etc/ if you're logged in as root.

Also, you can use a tool like Putty to SSH in and make changes from the command line.
-Eric

Mon, 05/25/2009 - 07:59
okayneil

I have the same problem as the dude above me here. I wanted to import a virtual server, but ended up creating one with root username and same password. Now I dont have full access, instead everything is very limited. what i wanted to ask was how i can fix this. It seems the admin here has given a solution where by it involves editing a certain file, but because I have limited access i cant see those files.

Complicated I know :(

Mon, 05/25/2009 - 08:55 (Reply to #15)
Joe
Joe's picture

You need to login via ssh and edit the file using the command line (whatever your favorite text editor is will do; vim, emacs, pico, etc.).

--

Check out the forum guidelines!

Mon, 05/25/2009 - 09:31
okayneil

any chance of a step by step/how to?

im a ssh noob :(

Mon, 05/25/2009 - 10:22 (Reply to #17)
Joe
Joe's picture

A step by step how to for what? You mean logging in over ssh, or the actual editing of the file? (The latter is covered earlier in the thread, though you do have to know how to use some text editor.)

For SSH just download PuTTY (if you're using Windows; if Mac OS X or Linux you already have ssh) and use it per the documentation. It's pretty simple.

--

Check out the forum guidelines!

Topic locked