New Virtual Server users have incorrect permission


When creating a new Virtual Server, the user that is created is able to do things such as :

[li]Start/Stop/Restart Apache[/li]
[li]Start/Stop/Restart MySQL[/li]
[li]View all MySQL databases and edit permissions[/li]
[li]Edit ‘DNS Options’ in Virtualmin[/li]

Why are they allowed to do this when created? O_o I can’t find anywhere in the Virtualmin config to limit this. (Virtualmin 3.53 + Webmin 1.4 btw)


Ok, seems the first 3 have fixed them selves with my playing around =3. The last one though, still stands.

The link ‘Server Configuration->DNS Options’ still exists, and users can edit. Why so?

Look in your Module Config under Webmin modules available to server admins. Say ‘No’ to BIND DNS Server (for DNS domain)

Hum, that is what it’s currently set to.

Note that almost all options in Module Configuration and Server Templates are applied to new virtual servers, and NOT existing virtual servers. You need to edit the virtual server(s) in question to disable this stuff.

Though, frankly, I can’t figure out how you ended up with permissions like you described in your first post to start with–I thought it was pretty hard to grant such wide-reaching privileges to virtual server owner accounts (not impossible, of course, as Virtualmin is very flexible and generally assumes you really want to do what you tell it to do).

Hi Joe,

I have been deleting the virtual server and creating it again many times to test other things, yet the option still remains. I’ve also tried setting the option back to yes, then set to no again. Still no luck.


Hey Alex,

Sounds kinda bug-like, as it really should be difficult to grant limitless privileges in any of the Webmin modules to a Virtualmin virtual server user. I’ll ask Jamie to chime in here.

At the moment, there’s no way to stop users from accessing the ‘DNS Options’ page. But it is pretty harmless, as all they can do is manage SPF records in their domain.

But in the next Virtualmin release, I won’t allow it if users are allowed to edit DNS records in general.

Ok, thanks very much Joe and Jamie =)