Allow Top-Level Server User to have Read/Write Access to all Data

See http://www.virtualmin.com/node/13555

Feature Request: Allow the top-level server user to have read/write access to all data in the account (via the group permissions). To accomplish this, the virtualmin code must create new homes directories that enable group read+write+directory traversal. In addition, Proftpd needs to have a umask so that the files or directories created via ftp will be set correctly.

I've got a workable solution below. I'm sure you can come up with something more elegant. Perhaps allowing it to apply to not just everyone or nobody, but on selected top-level servers only.

A lot of my customers were screaming for this. My solution has the benefit of stopping the screaming! :-)

========================= SOLUTION:

I've done some work on the code and I've found a solution. It amounts to modifying the file:

/usr/libexec/webmin/virtual-server/virtual-server-lib-funcs.pl

in the function:

set_usermin_imap_password

The solution was to change every occurrence of 0700 with 0770, and every occurrence of 0600 with 0660. In addition to this, the file:

/etc/proftpd.conf

needed to be modified. It needs to have the directive:

Umask 007

If absent, add it; if there is another value (e.g., 027), then change it to 007.

With those two changes, the account (top-level server) owner can now read and write files that belong to users created via Edit Mail and FTP Users.

It would be nice if there were a GUI that allows one to choose the one mode or the other. It might have to be a solution that applies to all domains. But, if the Virtualmin team can figure out an even more elegant way to do this, it would be a big help for people who want the top-level server user to have the ability to read and write all files in the account.