Security behavior changed in latest version, I’m not really happy with this, but that was done to be more close to the original FM’s security model.
So now every user works as root by default and so is able to see whole FS. To change this you can either create group that is restricted to work as UNIX user, or you can change default ACL option in /usr/share/webmin/filemin/defaultacl, make sure that work_as_root line is not defined or =0.
Amazing job man, Filemin is great! Thank you.
Hi RealGecko,
Thank you very much for your great software and advice. Will test it out with chaning the default ACL option.
Hi RealGecko,
It works great with all virtual domain users and they are all limited to their $home folders after making the change. Thank you very much.
Hello a question: filemin is available only on webmin/virtualmin administrators by default.
How to enable to all virtual server administrators/users?
Go to Virtualmin - System Settings - Virtualmin Configuration and in Server Administrator Permissions section change Extra Webmin modules for server administrators option, add filemin there (either manually or with cool module selector popup).
PS: Note that it will be accessible to Server Administrators in Webmin menu not Virtualmin. I’ll fix that issue in next release.
WARNING! ACHTUNG! ALARM ALARM!!!
Webmin 1.770 is out! Filemin is now in da core. No more need to manually install.
NOTE!!! Fresh installation makes all users able to access Filemin WORK AS ROOT AND SEE WHOLE FILESYSTEM.
PERFORM SECURITY TIGHTENING AFTER UPGRADE AND FRESH INSTALLATION.
Hello … how to tightening the filemin module for show only the vserver home?
There is some conf to do somewhere?
Go to Webmin - Webmin Users and create new group here, for example Fileminoids. Click on newly created group and note Available Webmin Modules section. Under Others subsection you’ll see File Manager link, click on it. You’ll see Filemin security options. Put $HOME inside Allowed Paths and check Same as Webmin login in Access files as Unix user.
Now make every new user part of that group. TADAAAA! You’re happy :)))))
Ok, but it will be apply only on new users?
On every user in that group, unless overrided individually on per user basis.
Webmin’s security model for any module is like this user settings > group settings > defaultacl
If no settings are setup for any particular user, then defaltacl is used, that gives everyone ROOT permissions in case of Filemin.
If settings are done for group user is a member of, then group settings will override defaultacl.
If settings are set for user, then it overrides group’s settings.
Ah ok, users must be associated manually to that group… because i followed your instructions but nothing was changed
Changing defaultacl is fast decision, but it may be overwritten after update. So no go.
Setting options on per user basis is boring - you create user, you change settings, blah blah blah.
Setting up group is easy - you set up permissions once and then simply add desired users to that group and voila, everything is secure and fast 
Ok … i’m searching for that … not with great results … where’s to set up group <–> user association?
Webmin - Webmin Users, you’ll see the list of users, click Select All and right below there is a button Add to group.
Thank you for support
U’r welcome
Argh … when i click [Add to Group:] , page change to " Failed to delete users : One of the selected users is marked as non-editable " … like if i want delete the users …
Are you sure you click Add to Group???
Of course, i tryed with two different browser and two different theme ( authentic, the default, and the framed gray ).
EDITED: [DELETE USERS] and [ADD TO GROUP BUTTON:] seems to have the same href destination.
My system is: Debian 8.2 vps with :
Webmin version 1.760
Virtualmin version 4.18