Hello
We want to create a user for each developer, so that they don’t login to Virtualmin with root user (i know webmin/virtualmin work on root user).
We don’t want developers to know root password, and if possible we’d like to limit their access to virtualmin system settings.
Is it possible?
Tried created webmin users, but they don’t have access to virtualmin at all.
virtualmin modify-admin --name kostas --all-domains doesn’t seem to work, either by adding each one domain per time.
Sounds like you haven’t visited the Webmin docs regarding Users and Access Control: Webmin Users | Webmin
if you mean an additional admin per domain/server for each Virtual Server, thats the item Virtualmin – [select Virtual Server] – Manage Virtual Server – Manage Extra Admins
See if that is what you are looking for
They said “with access to all websites” in the title, so I assume they want a root-like user, at least for Virtualmin, which can’t be done in Virtualmin, it needs to be done in Webmin using access control.
No, i was looking in Virtualmin docs, not webmin.
However this doc seems very outdated, most of what it’s written, doesn’t exist in current webmin version.
Anyway for any else who wants to figure it now, i post what must be done.
- Create a Webmin privileged user (Webmin → Webmin users)
- Under Available Webmin modules, give access to Virtualmin Virtual Servers, and what else you want for examble, like File manager, PHP configuration.
If want to add more users (for examble a user for each deleloper), create a group and configure module access there, and add every user to this group, for time saving.
Unfortunately, user still has root access in all filesystem, and you can’t control what he does into Virtualmin module (like not giving access to delete a virtual server). I hope this could be changed in future virtualmin version, as most sysadmins, don’t want users to be able to delete for example a vhost, and of course not having access to system’s files.
1 Like
Ah, you want reseller accounts. That’s currently only in Virtualmin Pro.
Though I’m not sure multiple resellers can own/manage the same domains…
Oh, but for “root access in all filesystem”, I’m pretty sure that’s configurable via ACLs, if you’re talking about the File Manager. I’m not sure if it has an option for “everything in /home and nothing else” though. That’s just not something that’s come up.
But, also, you say “most sysadmins”, but your use case hasn’t really come up before. Generally speaking, you have people that are admins who can manage all domains and the server itself, and people that manage a few websites which they own and manage themselves, but they can’t really touch anybody else on the system. I understand what you’re after, and I guess I understand it. And, we do try to make safe delegation a feature we do better than most…so, I’ll talk it over with the other devs and see if there’s anything we can do make this use case easier.
No, i want accounts for each developer. Reseller account doesn’t help in this case
ACL has an option to set Browse files as Unix user to an exact user. but after saving, it reverts to root. But this works properly on users made by Virtualmin for each domain. Is it a bug? check the video Upload files for free - screengrab-2024-02-27_19.36.14.mp4 - ufile.io
I know it’s not a common asked feature, as most companies give either root access to their developers, or different access per website they work. But i tried to find a solution in the centre
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.