FTP Users have same UID as the domain owner?

#1 Sat, 02/08/2014 - 07:37
rapidwebs

I assume this is related to the way Virtualmin handles users;

When I add a user, i.e. a sub server tier 2 account under a reseller package, or an FTP user to an existing site, the new user receives the same UID as the domain owner.

now doesn't this result in a small security risk to the domain owner?

any explanation on why this is the way it is?

I get a few complaints from IDS software about multiple users with the same UID, and when a sub server tier 2 user logs on using FTP (for example), the user & groups module updates the last login time for all users under that domain

kinda hard to pinpoint which user actually logged on, no?

thanks!

Sun, 02/09/2014 - 22:21
rapidwebs

as a follow up to my own post (something that happens a lot here on the Virtualmin forums ^_^) I have found a setting under the ACL listing for the user & groups module;

This setting seems to control whether or not a user can create accounts with the same UID

now, I could add this to the Webmin group that administrators belong to, but I am not sure if I would be changing some default functionality that exists for a specific reason:

if one of the authors of Webmin could answer this for me some time soon (we are readying for launch/to go Live), it would be greatly appreciated.

note: just to clarify: do sub server and FTP access only accounts get the same UID as their domain owner for a specific reason, and does this not pose a slight security vulnerability to the domain owner?

thanks ahead of time!

Sun, 02/09/2014 - 22:25
rapidwebs

I guess one obvious "advantage" would be that disabling the UID by number in theory would disable all sub servers and FTP users for that account,

however, as previously stated, the user & groups module updated the last login time for every user in the domain, when any sub server or FTP user logs in to the machine

and my concern is that this also carries additional implications, such as the latter
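
An added example, not part of the original posts and not Virtualmin or Webmin code: a small Python audit that lists accounts sharing a UID in passwd-format data, which is the condition the IDS in this thread flags. The sample entries and account names are constructed, and the attribution check assumes that per-UID records (file ownership, the UID-indexed `lastlog` file) are what make the logins indistinguishable.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format: one domain owner plus two
# FTP / sub-server accounts created with the owner's UID (names are made up).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
example:x:1001:1001:example.com owner:/home/example:/bin/bash
ftp1.example:x:1001:1001:FTP user:/home/example/public_html:/bin/false
dev.example:x:1001:1001:sub-server user:/home/example/domains/dev:/bin/false
other:x:1002:1002:other.com owner:/home/other:/bin/bash
"""


def parse_passwd(text):
    """Yield (name, uid, home, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries instead of guessing
        yield fields[0], int(fields[2]), fields[5], fields[6]


def shared_uid_groups(text):
    """Map each UID used by more than one account to its account names."""
    by_uid = defaultdict(list)
    for name, uid, _home, _shell in parse_passwd(text):
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def login_is_attributable(text, name):
    """False when a per-UID record (file owner, lastlog slot) for `name`
    could equally belong to another account with the same UID."""
    for names in shared_uid_groups(text).values():
        if name in names:
            return False
    return True


if __name__ == "__main__":
    for uid, names in sorted(shared_uid_groups(SAMPLE_PASSWD).items()):
        print(f"UID {uid} shared by: {', '.join(names)}")
```

To audit a real host, pass the contents of `/etc/passwd` to `shared_uid_groups` instead of the sample.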

Topic locked