Submitted by yngens on Thu, 08/03/2017 - 13:21
I am trying to setup a plan with minimum absolutely necessary options, so I enabled only the following capabilities for the plan:
Can select PHP versions
Can manage SSL certificates
Can make backups
Can change domain's password
All other capabilities are disabled. Particularly, what was important in our use case - I made sure the virtual server's owner can not edit domains, manage users or aliases. However, when logging in as a user I can click on the Configure Website under the Servicesoptions and do changes to various website options. I do believe the Configure Website link should be completely removed if a user has no permission to edit the website.
Status:
Closed (fixed)
Comments
Submitted by yngens on Thu, 08/03/2017 - 13:36 Comment #1
What is worse - user with minimum permissions still have access to
Webmin > System > Scheduled Commands Webmin > System > Scheduled Cron Jobs
Webmin > Servers > Apache Weberver Webmin > Servers > BIND DNS Server Webmin > Servers > MySQL Database servers
etc and all sub-options. So simple task to create a plan with minimal options totally fail with Virtualmin :(
Submitted by JamieCameron on Thu, 08/03/2017 - 17:28 Comment #2
You can limit which of these users can access at the Template level, at System Settings -> Server Templates -> Default Settings -> Administrator's webmin modules.
I follow the System Settings -> Server Templates -> Default Settings -> Administrator's webmin modules. However, I do not see any option to remove the Configure Website option, see https://snag.gy/q0FRc9.jpg
Any suggestions?
Edit: Just disable Apache Webserver (for virtual host) in Administrator's webmin modules. This should remove Configure Website in Services
Fix