Hi all,
I was wondering if there's a method to create some sort of "FTP superuser" with write permission on every virtual hosts created with Virtualmin. We use Virtualmin internally and all virtual servers are used by our develepers team, not by external customers. So we would like to provide them with system-wide personal FTP accounts in order to manage files on all virtual servers without the need to remember a user/password set for each virtual server.
We could create a standard user which belongs to the groups associated with the desired virtual servers and play with set-gid and umask to get the right permissions. I guess this is not very secure: files created with this account would be executed with higher privileges, and would not provide the necessary isolation between virtual servers.
Am I right? Any hint?
thanks in advance Nick
Howdy,
There isn't a good way to have one user be able to edit multiple top-level Virtual Servers.
If you want an FTP user with rights to all the domains on your server, the best way to do that would be to make all of your domains Sub-Servers, under one top-level Virtual Server.
At that point, then all the files and dirs in those domains would be owned by the same user and group, and a single FTP user could modify all of them.
-Eric
Thanks Eric,
unfortunately a single owner for all domains would not provide isolation and security with mod_fcgid, which is also a requirement for our environment. There is probably no solution, as these two requirements are somehow inherently conflicting.
I think we will create a Virtualmin user for each developer and let them lookup FTP passwords directly from the Virtualmin interface.
Thanks again -Nick