Regarding format of username for domain

I found that the it only take secondary level domain name and not include first level domain

For example example.com
All created username will be
peter.example, mary.example instead of peter.example.com, mary.example.com

It may cause some 3rd party application authentication like the change password plugin of roundcue

I studied the virtualmin driver of change password plugin of roundcue

exec("$curdir/chgvirtualminpasswd modify-user --domain $domain --user $username --pass $newpass", $output, $returnvalue);

Here is a code to call a binary chgvirtualminpasswd and this binary call the /usr/sbin/virtualmin to change password.

The problem is --domain $domain , since format of username is username.domain, example will be passed to --domain instead of example.com

and that’s why change password always failed

The problem lays somwhere else. If you run the command from shell, it changes your password. Just because you run it as root.

If you run it from php or as web user from shell, you get permission denied. It’s not because the chgvirtualminpasswd has permissions problem. It’s because it calls /usr/sbin/virtualmin and if you cat this file, you will find this line:
“/usr/sbin/virtualmin must be run as root”

So it’s impossible to call the password change as user! You have to run chgvirtualminpasswd as root or “sudo” in it to run virtualmin. And this is fail at all.