Delegate all permissions and available modules for Webmin users to Webmin groups they belong to

Submitted by yngens on Thu, 02/11/2016 - 06:00

When Virtualmin creates a website its username is created also as a Webmin user with number of the "Available Webmin modules" and "Permissions for all modules" set which then override the respective settings for Webmin group (when such user added to the group). Is it possible to strip out all the permissions and modules on a user level, so that user gets them from the group settings it belongs to?

Status: 
Closed (works as designed)

Comments

Submitted by JamieCameron on Thu, 02/11/2016 - 22:00

No, this isn't supported. Also, it would be nearly impossible to support because the webmin modules granted to a Virtualmin domain owner depend on what domain features he has active, and are also further restricted to limit which DBs, files and websites he can access.

Submitted by yngens on Fri, 02/12/2016 - 02:00

I see. In that case I have two questions:

  1. Is there some kind of CLI command to strip off Webmin users all permissions, so that we could script it? (The intention is to give them custom permissions trough groups)

  2. Is there a way to control which permissions Webmin users get when created by Virtualmin?

Submitted by JamieCameron on Fri, 02/12/2016 - 22:59

Can you tell us more about exactly what you are trying to configure here? We may be able to offer a more supported solution..

Submitted by yngens on Sun, 02/14/2016 - 18:03

Can you tell us more about exactly what you are trying to configure here? We may be able to offer a more supported solution..

When creating a virtual server in Virtualmin with "Webmin login enabled?" checked on it will also automatically create a Webmin user with the following "Available Manager Modules" (in addition to those from group):

  1. Webmin Log
  2. Change Passwords
  3. Scheduled Commands
  4. Running Processes
  5. Scheduled Cron Jobs
  6. System Logs
  7. Apache Webserver
  8. BIND DNS Server
  9. MySQL Database Server
  10. Virtualmin Domains

I am looking for a way to automatically cancel all these modules and delegate module assigning to Webmin groups. I mean Webmin users eventually will get modules, but only though Webmin groups they belong to. So basically I'd like to build a *min system where Virtualmin/Webmin users are created with no permissions (modules) at all, but assigned all needed permissions (modules) through Webmin groups they belong to.

Submitted by JamieCameron on Sun, 02/14/2016 - 20:09

So I can see two options :

  1. When creating a domain, don't enable the webmin login feature at all. Instead, create the webmin user for the domain manually with the exact permissions you want. This could even be scripted by creating the appropriate files under the /etc/webmin directory.

  2. Disable all those modules at System Setting -> Server Templates -> Default Settings -> Administrator's webmin modules, and instead make the admin a member of a webmin group that has those modules enabled.

Submitted by yngens on Mon, 02/15/2016 - 23:36

Status: Active ยป Closed (works as designed)

Thanks. I will run some tests on this.