user confinement


I’m currently using webmin with virtualmin pro and usermin.

Here is my settings :
3 master admin (me and 2 friends) for general server management
2 resellers (my 2 friends)
lot of admins (one per website)

Here is my issue :
master admin can manage every virtual server : that is fine and quite normal
reseller can only manage their own client’s virtual server : that is fine too

every admin can manage every virtual server
where I would like them to manage only their own server.

What have I done wrong ?

BUT every admin can manage every virtual server where I would like them to manage only their own server.

Well, I’d expect that to be the case when dealing with a set of Sub-Servers.

That is, if you create – and then create two Sub-Servers under – the admins for any of those would be able to manage all of them.

Those admins should not, however, be able to edit top-level Virtual Servers that aren’t at all related to and the Sub-Servers therein.

Does that help at all? Does it still sound like things aren’t working as you’d expect?


type / domain / admin login

top / / domain_admin

sub / / domain_admin

sub / / domain_admin

top / / testAdomain_admin

top / / testBdomain_admin

sub / / testBdomain_admin

if I want testAdomain_admin to be able to manage email/ssh/ftp user for his domain, I give him virtualmin access

but if he has virtualmin access he can also manage, and every domain available on my server :frowning:

that’s weird


That’s certainly not expected behaviour :slight_smile:

Does the user in question by chance have sudo access setup in the /etc/sudoers file?

That’s the only thing I can think of that might cause what you’re seeing.

Otherwise, I’d probably need to take a look…


well, each admin is in his own group

sudoer are only root or %admin (admin group)

groups testAdomain_admin

gives only

not in admin group

Alright, it’s really hard to say at this point;

I’m not sure if it’s a bug, feature, or configuration problem that you’re seeing :slight_smile:

To be of much assistance, I’d probably need to see at least two top-level domains in question, and the info for the admins who are supposed to be able to control them.

What I’d be interested in is their /etc/passwd entries, everything relevant in /etc/group, and the full sudoers file.

However, that’s starting to get a bit complex to post in here – so I’m wondering if you’d mind if I logged into your system to take a peek.

If that’s okay, you can send an email to, including:

  • Root login details

  • A link to this forum thread in the message body.

  • Login information for two Virtual Server admins who should only have access to their own stuff, but instead can manage things they shouldn’t.

I think that about covers it!



with 3 domains with theyr 3 admin account