Hi guys, I am getting tied into knots here trying to figure permissions, users etc.
First of all I keep getting the ‘cannot log into mysql’ message in phpmyadmin for either the user or the webmin admin so I have been trying to delete the virtual host and start again, however I wanted to transfer al the files out of the public_html directory to a backup location to save having to re-upload it.
Logging in via ftp/scp as the virtualmin admin I do not have permission to access client directories which just baffles me, looking in the user and groups section there is no mention of the admin user for me to check permissions but there is a root user - surely the virtualmin admin account should have root directory permissions in the first place?
First of all, how do I go about adding full read/write permissions of the virtualmin admin account and/or setup a group that has almost all root permissions without having to utilise the root account? Do you have any suggestions why I would be getting errors connecting to the database via phpmyadmin with accounts that have been setup?
A Virtual Server owner would have rights to see all the files of that Virtual Server, and all of it’s Sub-Servers.
But that Virtual Server owner would not have rights to any other top-level Virtual Servers.
Only root (and users with sudo access) have rights to read from multiple top-level Virtual Servers.
If, as a Virtual Server owner, you’re having trouble reading files of Sub-Servers of that Virtual Server – that may mean the permissions of that Virtual Server somehow got mixed up.
You can correct those by going into Limits and Validation -> Validate Virtual Servers -> Fix Permissions.
Are you saying that as master admin I should not be able to administer virtual server files via ftp?
The login I setup as the owner of the server which has sudo access is still being denied access to top-level Virtual Servers despite being logged in on a brand new fresh install (I got frustrated and did a wipe and installed ZPanel, then decided that I preferred Virtualmin anyway)
I have been in and fixed permissions, still permission denied.
I want to be able to limit my Virtual Servers access to their own host directory but have to still have the top level of control on the server somehow, I cannot understand how to do this otherwise other than logging in as root user (which is advised against in Ubuntu anyway)
Surely the purpose of a master admin should be to have overall control over Virtual Servers but to leave the ‘meat and potatoes’ configurations solely for sudo access?
Are you saying that as master admin I should not be able to administer virtual server files via ftp
The root does not have the ability to login via FTP on a default Linux installation. That’s a security feature.
The root user can login securely via SFTP to manage files for all Virtual Servers. An example SFTP client for Windows is WinSCP.
Be careful though, as files and directories created by the root user will also be owned by the root user… which means unless you change those files to be owned as the Virtual Server owner, then only root can modify them.
However, you weren’t asking about root, you’re moreso asking about a Master Admin, which I’ll discuss below –
The login I setup as the owner of the server which has sudo access is still being denied access to top-level Virtual Servers despite being logged in on a brand new fresh install
A user with sudo access has rights to all files, only when using the “sudo” command. That is, unless the “sudo” command is executed, that user is not a Master Admin. They just have the capability of being a Master Admin.
If you log into FTP as a user with sudo access, the sudo program isn’t being used to increase that user’s rights… and FTP is only seeing them as a normal user, not a super-user.
To use sudo, you can login using a terminal program such as Putty, and from there, you can use “sudo” to become a super-user.
Thanks Eric, I have setup a root password so I will just use SFTP if the need arises to amend client Virtual Servers. The problem I have is that while most are clients in their own right they are also for the most part managed by myself so having access is important.