allow new sub user to have ftp/ssh

15 posts / 0 new
Last post
#1 Wed, 06/04/2008 - 13:36
max

allow new sub user to have ftp/ssh

Added a vhost and then added an additional user to the vhost. the new user only has email access.

How do I enable "sub-users" to have FTP/SSH ?

I would need to fix the current user as well at add this to the default template.

I looked through "module config" and the "templates" but it is not clear.

Thanks, Max

Wed, 06/04/2008 - 14:20
ronald
ronald's picture

you can always (for existing users) go to webmin - system - users and groups - click on the users you want to edit - under Shell choose /bin/sh for shell access, choose /bin/false for ftp access.

when creating a mail/ftp user you see the template and under Other user permissions you can choose the permissions in the dropdown menu.

you know what I did before using webmin and still do is visit the http://doxfer.com/Webmin/Modules and read the documents a couple of times to get more insight into the system. (hint :P)

Wed, 05/20/2009 - 08:06 (Reply to #2)
SoftwareLibrarian
SoftwareLibrarian's picture

sorry if I'm missing something obvious, but how do I give an existing user website ftp access? I mean, without deleting the existing user and creating a new one - that doesn't seem right...

- -
Software Librarian
SyntheticPress.com

Wed, 05/20/2009 - 08:50 (Reply to #3)
ronald
ronald's picture

you can always (for existing users) go to webmin - system - users and groups - click on the users you want to edit - under Shell choose /bin/sh for shell access, choose /bin/false for ftp access.

Wed, 05/20/2009 - 08:53 (Reply to #4)
andreychek

You can also go into Edit Mail and FTP Users, choose a user in question, click "Other user permissions", and set the login permissions they should have.
-Eric

Wed, 05/20/2009 - 10:12 (Reply to #5)
SoftwareLibrarian
SoftwareLibrarian's picture

When I try to set the user's home directory to public_html , I get the error "Failed to save mailbox : Home directory /home/[domainname]/public_html already exists".

- -
Software Librarian
SyntheticPress.com

Wed, 05/20/2009 - 14:39 (Reply to #6)
andreychek

Howdy,

Jamie responded to a similar problem just recently over here:

http://www.virtualmin.com/index.php?option=com_fireboard&Itemid=77&a...

The big question was, does the issue still occur in the new 3.69 release that just came out?
-Eric

Wed, 05/20/2009 - 15:49 (Reply to #7)
SoftwareLibrarian
SoftwareLibrarian's picture

Yes. I'm running 3.69. When switching the user home directory from 'Automatic' to specifying 'public_html', I get the 'Failed to save mailbox...' error mentioned above.

- -
Software Librarian
SyntheticPress.com

Wed, 05/20/2009 - 15:51 (Reply to #8)
andreychek

Okay, I'd recommend filing a bug report regarding that so Jamie can take a look.
-Eric

Wed, 06/04/2008 - 14:31
Joe
Joe's picture

Depends on what you want them to have FTP/SSH access to.

If you want to create additional users to manage website content, you want to use the "Add a website FTP access user." link to create your user--this creates a user that has FTP (and optionally ssh) access to the website data.

If you want mailbox users to be able to upload/download files from their home directory via FTP/SSH you'd set their access to "Mail and FTP" in the "Login permissions" field in the Other User Permissions section of the create user page.

To allow virtual server administrative users to create FTP users (which I think is the default, but maybe not), you'd set the option labeled "Can create FTP users?" in the Module Configuration "Server administrator permissions" section.

Note that all "administrative" class users--the kind that edit web pages or manage Virtualmin--are different and separate from Mailbox users...by design. It's kinda like the differentiation of "root" from non-privileged users on a UNIX/Linux system. The goal being to make sure people know they're doing something that effects the website.

Note also that some types of access are not entirely intuitive, as they are based on the shell that the user has (normally the system default shell for SSH users, nologin or false for FTP users, and /dev/null for mailbox users), though we do now include a page specifically for managing shells--it's in the System Customization menu.

FTP access is determined by the shell of the user, and optionally inclusion in various access files. Virtualmin can manage both the shells and the access files, but the shells aspect is the easiest/simplest. Basically, when you enable FTP Virtualmin chooses the shell you've configured (or the default) in the Custom Shells page. Likewise for other types of access.

One more thing to be aware of is that when using suexec for applications, the executable files in cgi-bin and public_html cannot be group writable, as suexec will refuse to run them. Thus, a user that doesn't share UID with the administrative user cannot possibly edit anything executable. And, of course, we don't advise creating mailbox users with the same UID as the administrative user (actually that'd be kinda crazy).

Anyway, this is why the model works the way it does, and why you don't create mailbox users to manage website content within the domain. There is a special account type just for that purpose. Giving up suexec to avoid that limitation isn't worth the significant loss of security.

Confused yet? I know it's intimidating. It's one more area where Virtualmin's flexibility gets in the way of "easy". The Custom Shells page is pretty new, and doesn't have as much documentation as it should. I'll see about getting that corrected soon.

--

Check out the forum guidelines!

Wed, 06/04/2008 - 22:14
max

just wrote a long post explaining my woes..

It got erased because I got logged out out or timed out.
The short of it is I cant find :

"Add a website FTP access use"

Thanks,
Max

PS tried using the webmin technique and that did not work. I feel like I shouldn't have to touch webmin much anyway.

Wed, 06/04/2008 - 22:19
max

Also it would be nice to allow the user to access the slick vmin file manager.

Wed, 05/20/2009 - 09:36
SoftwareLibrarian
SoftwareLibrarian's picture

There's a difference between 'ftp access' and 'website ftp access'. I have an existing user with ftp access to their own directory (and so their is /bin/false) - that's what you can set for existing users under 'Other user permissions'. I want this user to have access to the website directory.

- -
Software Librarian
SyntheticPress.com

Wed, 05/20/2009 - 09:59 (Reply to #13)
andreychek

In that case, go into Edit Mail and FTP Users, choose the user, go into Quota and home directory settings, and change the users home directory to be public_html (or whatever other directory you want to be their "root" whenever they log in).
-Eric

Wed, 06/20/2018 - 02:15
wazaki

New user of the sub access that to allowing by the main head and server of the additional emails accounts. Users can to the emails of superior papers identity that for prosecution the conjunction of the all students that use this.

Alias aut ad omnis fugit sed optio exercitationem quis sunt quod deserunt velit fugiat distinctio Sunt

Topic locked