I am using Virtualmin 3.83gpl. I went to Webmin > Webmin > Webmin Users, and I noticed that there is an “anonymous” user. I assume it’s included there by default, because I didn’t create it and when I created my virtual servers, I told Virtualmin not to create a Webmin user (nobody else is going to have access to that server). I am using the root user to access Virtualmin.
Does anybody know if there is any particular reason why this anonymous user exists? Does it represent a potential security risk?
I am also very interested to learn about the potential security risk. Particularly as the “Root directory for file chooser” is set as “/” and the “Browse files as Unix user” option is set as “root” by default. Sounds quite risky from my point of view at first glance.
On a new Virtualmin installation, there is indeed an “anonymous” user that’s created by default.
However, just like the various system users in /etc/passwd that are in there by default – the anonymous user isn’t allowed to login. It also doesn’t have access to any Webmin modules.
So there’s no security issue there, and that’s all normal.
Hi Eric,
thank you for your answer which sounds good, except for the fact that the anonymous user on my system is allowed to access the “Virtualmin Mailman Mailing Lists”. But as the user is not allowed to login (where can I check this?), I guess this is no problem anyway. Right?