I created a Virtual Server for my domain with an associated administration user that is perfect for administrating my domain, but when I need to make modification on the system through webmin or modifications on the Virtual Servers (create, delete…) I can’t do it with my domain administration user, I have to log on webmin/virtualmin using root to be able to do all these modifications.
So I’m wondering wether it’s possible or not to make a virtual server administrator able to do everything in webmin/virtualmin, exactly as root is able to do.
I already tried 2 methods, but without success :
create a webmin account from a copy of root, and try to make it the administration user of my domain virtual server, but all the way I tried failed…
make my virtual server administrator a webmin user using “Convert Unix To Webmin Users”. Then “Edit webmin user” bypassing the warning saying this user is managed by virtualmin, and check all the available webmin module. This way I got only domain limited modification and only access to the virtualmin part when logged in. This was with authentic theme, but with the virtualmin framed theme, it was better, because the webmin part was fully accessible and populated. But still no possibility to create/delete virtual servers on the virtualmin side…
So when I see the difficulty to make this working, I think it’s maybe the system is not designed for this, and my idea is a bad one…
Actually the only user I found able to manage virtualmin virtual servers is root, even a new webmin user copied from root, is not able to do same as root, I mean add/remove virtual servers…
But the thing is that I found many times on the net that it’s basic security to disable webmin root login, and create a different login user with full rights to manage the system (webmin) and the virtual servers (add/remove/import…)
Am I missing something ? I don’t know where to look at now…
I think it’s a fuzzy and difficult to grasp question, but I just found the right vocabulary to express it during some other tests. So I would summarize the question by :
Is it possible for a “Server owner” to be “Master admin” at the same time ?
And the subsequent question is : what is the condition for a user to be considered as “master admin” ?
I added my freshly unix to webmin converted user, to the wheel group under Centos 7, so it gains sudo rights, but still considered as a “server owner”, not a “master admin” when I login. I also tried to add my user test directly in /etc/sudoers : test ALL=(ALL) ALL, but still the same.
But what I was surprised to see, is if I add a new webmin only user, cloning from the root webmin user, I get a user that is considered as a “master admin”, able to do everything, even if it’s not a standard unix user, so not part of any unix groups…
I feel a bit lost…I mean more than before
Ah, looks like this may have been a duplicate of another post… I responded to your other post before noticing that you posted a followup here
Actually, I’m the virtual server owner and the master admin, so I tried that to make it more convenient for me, only one login to manage all. But I could also have a master admin login (named other than root for security reasons) I’ll use to manage the system, and a virtual server owner login for emails and virtual server management…If I can’t make it, I’ll accommodate with this.
I added my server owner login to /etc/sudoers 2 ways : adding it to the wheel group and adding it directly the line : sam ALL=(ALL) ALL
But this user is still considered as server owner, not master admin when I logon.
And as I said some other strange things seems to show that the way users are recognized when login is not controled by the ability to sudo :
- The only way to create a master admin user was to clone it from root, in the webmin users section. This way, the cloned user is even not a unix user, not able to log in the system, and with no sudo rights…but considered as master admin when I log in virtualmin.
- If I create a new unix user, add it to the wheel group and also directly in /etc/sudoers file, convert it to a webmin user, then when I loggon this user, only appear as “server owner”…even not declared as server administrator
So even if I don’t want a combined master admin and virtual server admin, I still don’t have a clean way to create a master admin that is also a normal unix user…
Any idea ?
Hmm, yeah that sounds like something odd may be going on there… it should be possible to make a Master Admin using a user added to the sudoers file.
Just to make sure there isn’t an issue with an existing user – could you just try making a new system user using “useradd”, and once that user is created, then add them to /etc/sudoers.
After that, are you then able to log into Webmin/Virtualmin as that user, and do they have Master Admin rights? Or do you continue to see the same problem?
I just retried this test and it’s seems to me to become more logical and normal Here is what I got :
If a create a unix user “usertest”, add it to the wheel group (group able to sudo) this user will not be able to webmin login, because not recognized as a webmin user. There is 2 ways to make it possible :
- use “Convert Unix To Webmin Users” and assign it for example an “Admin” webmin users group created will full right
- in the “Unix User Authentication” section, allow the user created to login in webmin, either by enabling " Allow users who can run all commands via sudo to login as root" or " Allow Unix users listed below to login … " and configuring the list just after. The first option will allow any sudo-able user to login webmin as root, so with full rights as Master admin, but actually I found that it’s not a mandatory condition to be a sudo-able user in order to be considered as a Master admin will full rights in webmin/virtualmin, because of my next test…
I created a “nosudo” user and gave no sudo rights to it, added it as a webmin user making available all webmin modules, and when I login webmin/virtualmin it’s considered as “master admin” able to do everything. For example I stopped/started proftpd service using webmin, thing that this user is not able to do through SSH…
So it’s seems it’s not working as it should, does this needs a bug report or something ?
Anyway I think now my original idea to have only one user to manage a virtual server plus the system wasn’t a good idea. And since I found a way to create a root-like user to manage the system so I can disable root login for security reasons, it’s fine.
Oh and BTW I forgot to say that I tried once more to add to the sudoers file my virtual server admin, but this time without bypassing the warning to touch the webmin user right (This Webmin user should not be edited as it is managed by the Virtualmin Virtual Servers (GPL) module. Click here to bypass this warning and edit the user anyway… ). Result is the same, still webmin/virtualmin consider it as server owner…