Hello, I was trying the other days to create a sub-server (aka a subdomain) with a separate extra-administrator, a very common scenario I guess - but a first for me. I never encountered so many issues with Virtualmin. So this are the things that are wrong:
- when logged in as the extra admin of the sub-server, and after installing a script, the user and the master password of the domain/mysql are disclosed to the extra admin;
- when logged in as extra admin of the subserver, with the default templates, the extra admin can go to Re-Send Signup Email and send himself the admin password.
Now: I know technically why this is happening, but it is not a good procedure. There isn’t one good reason for a logged in user to see the other users password, in no scenario. Who needs an “extra admin” who knows the admins user and password?
FTP was a problem also but I gave up Virtualmin in that respect for while now - everything is manual. Solved all of these but took me hours. Never mind the paranoia
Thank you - hope was only my case.