Submitted by masterg0g0 on Sat, 06/25/2016 - 04:17 Pro Licensee
Hello,
I realized that the reseller have access to the whole system via the filemin module.. where could i restrict this.
Regards,
Status:
Closed (works as designed)
Comments
Submitted by andreychek on Sat, 06/25/2016 - 10:18 Comment #1
Hmm, is your reseller able to see the home directory and files of users he isn't the reseller for?
Submitted by masterg0g0 on Sat, 06/25/2016 - 10:57 Pro Licensee Comment #2
yes, he is able to even modify them.... i think its like a root access he has..
Submitted by andreychek on Sat, 06/25/2016 - 14:28 Comment #3
It sounds like the behavior of the file manager with virtual users (such as resellers) needs to be reviewed.
But you can disable access to those users by going into Webmin -> Webmin -> Webmin Users -> USERNAME -> Available Webmin Modules, and there you can disable access to Filemin.
Submitted by masterg0g0 on Sat, 06/25/2016 - 17:39 Pro Licensee Comment #4
yea please, this can be considered as a security flaw.. should i raise the important of this ticket?
Submitted by masterg0g0 on Sat, 06/25/2016 - 17:39 Pro Licensee Comment #5
Submitted by JamieCameron on Sat, 06/25/2016 - 20:07 Comment #6
Virtualmin resellers don't get granted access to the Filemin module by default though, so it's not surprising that if one was manually granted access they would have the default (unlimited) permissions.
Submitted by masterg0g0 on Sun, 06/26/2016 - 02:07 Pro Licensee Comment #7
Thanks Jamie for the clarification.. should we close this ticket?
Submitted by JamieCameron on Mon, 06/27/2016 - 01:10 Comment #8
Yes, please do
Submitted by masterg0g0 on Mon, 06/27/2016 - 11:03 Pro Licensee Comment #9