In Virtualmin, if I have a customer whose UID:GID is custid:custid, and there are e-mail accounts on the domain whose UID:GID values are mail1.custid:custid, mail2.custid:custid, etc., it would seem to me that the domain owner would be able to create/delete/inspect the files found in each of the mail user accounts (in the /homes/mail1, /home/mail2, … directories).
In my /etc/proftpd.conf file, I’ve set:
Umask 007
When user directories are created via Virtualmin (Edit Mail and FTP Users), the directory created (e.g., /home/mail1) has mode 0700. Of course, then the domain owner can’t log in as the domain owner and read/write files and directories.
I’d like the account owner to be able to have complete access to all content within the account (all domains, all homes areas, etc.).
The solution was to replace every occurrence of 0700 with 0770, and every occurrence of 0600 with 0660. In addition to this, the file:
/etc/proftpd.conf
needed to be modified. It needs to have the directive:
Umask 007
If absent, add it; if there is another value (e.g., 027), then change it to 007.
With those two changes, the account (top-level server) owner can now read and write files that belong to users created via Edit Mail and FTP Users.
It would be nice if there were a GUI that allows one to choose the one mode or the other. It might have to be a solution that applies to all domains. But, if the Virtualmin team can figure out an even more elegant way to do this, it would be a big help for people who want the top-level server user to have the ability to read and write all files in the account.
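A check that could be run after a change like the one described above, as an added example that is not part of the original post: it computes the modes a given Umask produces and audits a mail user's home tree for entries the group cannot use, entries open to "other", and entries owned by a different group. The function names `expected_mode` and `audit_tree` are hypothetical; POSIX `sh`, `find` and `sed` are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# expected_mode TYPE UMASK: mode a new directory ("d") or file ("f") receives.
expected_mode() {
    if [ "$1" = d ]; then base=777; else base=666; fi
    # Leading 0 makes the shell read both values as octal.
    printf '%04o\n' $(( 0$base & ~0$2 & 0777 ))
}

# audit_tree DIR GROUP: print one line per finding; return 1 if there are any.
audit_tree() {
    dir=$1
    group=$2
    report=$(
        # Directories need group rwx, files group rw, or the owner is locked out.
        find "$dir" -type d ! -perm -0070 -print | sed 's/^/NO-GROUP-ACCESS /'
        find "$dir" -type f ! -perm -0060 -print | sed 's/^/NO-GROUP-ACCESS /'
        # Umask 007 clears every "other" bit; anything set here is too wide.
        find "$dir" \( -type d -o -type f \) \
            \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print |
            sed 's/^/OTHER-ACCESS /'
        # Group bits only help when the group is the domain owner's group.
        find "$dir" ! -group "$group" -print | sed 's/^/WRONG-GROUP /'
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit.sh /home/mail1 custid
if [ "$#" -eq 2 ]; then audit_tree "$1" "$2"; fi
```

An empty report with exit status 0 means every directory is 0770-compatible, every file is 0660-compatible, and nothing in the tree is readable, writable or searchable by accounts outside the customer's group.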