|OS type and version||Ubuntu Linux 20.04.4|
We’re trying out Virtualmin for managing websites developed and hosted by us, for various different customers.
The idea is to simplify management so each development team only sees the websites they are responsible for, and they get a GUI for most common tasks like updating websites and their associated databases and files etc. instead of having to do everything manually via SSH.
In practice, it should work something like this:
Developers each have their Active Directory accounts assigned to one or more groups (can be AD groups or groups managed by Virtualmin itself) - For example, Team A, Team B, Team C etc. Team A might then have access to fancywebsite-com and awesomecompany-com while Team B are responsible for veryprofessionalwebsite-com, and so on. So when Joe who’s a member of Team B logs in, he only sees veryprofessionalwebsite-com. He should not be able to access other websites, restart the server etc.
So far I’ve been able to have AD users log in to Usermin via PAM, but from there I’m a bit confused. It doesn’t seem Usermin users map to anything directly in Virtualmin. So when you give this Usermin user access to Virtualmin, they see every website. When you create a new website in Virtualmin, it automatically creates a single admin user. I can add more users to a website, but they automatically get the domain of that website appended (rather than for example OurLocalAD-com). Maybe if I created one top-level server for OurLocalAD-com and made everything else a sub-server of that? Also, I see no way to add a group (AD or Usermin group) to a Virtualmin website.
Is this scenario even feasible with Virtualmin, and if so, how should I go about to set it up? Or would some other solution be better?