| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Ubuntu 22.04.5 |
| Webmin version | 2.200 |
I added a new system user and now that user controls Webmin and over 8000 files and directories. Ican’t delete the user without deleting all the files and root can no longer manage these files. Disabling the user does not help. How to fix?
I have no idea what you mean. The only kind of system user that has Webmin access (without it explicitly being granted by you creating a user for them) is a user that has sudo ALL privileges (and thus they already controlled everything on the server, including Webmin).
That doesn’t make sense either. Did you chown all those files to be owned by that new user?
Can you show us what that user looks like? (In /etc/passwd, and in /etc/groups, just show us the lines that have their user name in it.)
I think you’re misunderstanding what’s happening here, because what you describe seems…not really possible, at least not in all details.
No I did not Chown any files>
/etc/group = name:x:1003
/etc/passwd = name:x:1008:100:blog:/home/name:bin/sh
OK, how does that user have a Webmin user? It’s not in a group that would automatically have sudo privileges. Did you add it to sudoers? Did you create a Webmin account for this user? There’s no other way Webmin would automatically allow that user to login.
The user is not a webmin user and was not logged into webmin but it is in control of webmin. I have been using webmin for many years. First glitch and a biggie. I have a tech doing further investigation but after two days still no clue.
This continues to be incomprehensible. I have no idea what you’re saying is happening.
If they don’t have a Webmin user, they obviously can’t log in to Webmin (unless, again, they have sudo ALL privileges, in which case, they have root on the system, regardless of Webmin).
Why do you believe they are “in control of Webmin”? What do you mean by “in control of Webmin”?
My tech who is more experienced with linux than I said the user controlled webmin. I now have an attributes column in file manager for every directory and file. The user is not a webmin user or sudo user.
I added a new system user and now that user controls Webmin and over 8000 files and directories.
I still have no idea what you mean. I can’t possibly help if you won’t tell us what you’re talking about. What does “the user controlled Webmin” mean?
The user is not a sudo user the user is not a webmin user yet if I try to delete the user I am warned to do so would also delete more than 8000 files and directories owned by other users. This would seem to be an escalation of privileges, the user control of webmin is demonstrated when root tries to make changes such as add a directory root lacks privileges. Apparently webmin has given this user control over root.
How are you adding the new system users?
OK. I didn’t see this and have never used it. It would explain the group I referenced in next post.
This looks strange. Name is not in their group? Who is group 100?
Found this:
mark:x:1001:1001:mark,,,:/home/mark:/bin/bash
[--] - [--] [--] [-----] [--------] [--------]
| | | | | | |
| | | | | | +-> 7. Login shell
| | | | | +----------> 6. Home directory
| | | | +--------------------> 5. GECOS
| | | +--------------------------> 4. GID
| | +-------------------------------> 3. UID
| +-----------------------------------> 2. Password
+----------------------------------------> 1. UsernameI added the new system user with webmin.
I’m not sure why that method uses a default group of 100 or ‘users’. I’d try adding a user with “New group with the same name as user” and see if the added user is then what you expect.
‘Probably harmless’ to change the group of an existing user but I don’t know for sure.
Your description of what’s happening still doesn’t make sense to me (even if you chose group users instead of letting it create a new group with the same name as the user, which is the default on any modern system, AFAIK). The users group does not have root privileges. You should generally not use users group on a modern system, but it is not catastrophic to do so.
So, something has been changed about your Webmin configuration. Has it been configured to automatically create a Webmin user whenever you create a system user?
I continue to ask for clarification:
What do you mean by “webmin has given this user control over root”? What does that look like? How is the user logging in to Webmin? What does “control over root” mean?
And, regarding the 8000 files, I have no idea how that would come to pass, unless you gave the user a home directory of / (which is an insane thing to do, but it doesn’t look like you did that, the user home is /home/name, which should only contain stuff belonging to the user).
You do have a problem with the shell the user has. bin/sh is not sensible. It would need to be /bin/sh to actually work, in the general case. They almost certainly can’t login via ssh or console with that shell.
You have to show us what the heck you’re talking about, because none of this makes any sense, and it’s feeling like you’re intentionally wasting our time chasing impossible behaviors.
I did none of those things. This is an error I received when trying to create a diirectory
;
[28/Jan/2025:11:36:24 -0500] [47.202.131.209] /filemin/index.cgi : Perl execution failed :
On Ubuntu 22.04.5 how can I update Webmin to V2.202 from 2.200 and update the Filemin module to the latest version?
The full error message is
[28/Jan/2025:11:36:24 -0500] [47.202.131.209] /filemin/index.cgi : Perl execution failed :
That’s unrelated to anything you’ve been talking about so far. If you want to talk about an error in the File Manager, make a new topic.
Please focus on the magic user that now controls Webmin. What does that look like?
That seems to be the default so maybe it needs changed.
It isn’t on my EL systems. What OS/version are you on?
I had to install Debian 10 and then upgrade to 11. VM install wasn’t until I upgraded to 11.