I am making custom commands in webmin to perform a restart on a service. I want to give this access to one of my staff members. If I create a webmin user, they can edit the custom command… and change it to whatever they like.
Is there anyway to go around this? Or is this what usermin is for.
You can limit what users can do with Custom Commands using ACLs in the Webmin Users module. Click on the username, and then click on the module name in “Available Modules”, and you’ll be able to set what the user can do. You’d disable “Can create and edit commands” to achieve what you’re after.
Note that it’s really easy to expose security vulnerabilities with Custom Commands if your command accepts any freeform user input.
Usermin is unrelated to this question. Usermin is a webmail client, with some other features like changing passwords, database clients, and such. It drops root privileges and runs as the logged in user, so it can never be used for administrative tasks. It’s a Webmin for normal (non-root, non-administrative) users. It’s never the answer to “I want to allow a user to have limited administrative capabilities on the system”. The answer to that is always Webmin ACLs (and Virtualmin uses Webmin ACLs to handle its administrative tasks on behalf of domain owner users).