Menu
▾
▴
2 Attachments
#5432 File Manager access
Running Webmin V1.953.
I am unable to limit access to certain PATH's with File Manager. I have set the limitation on each user id to 1 PATH but that is not working.
The File Manager tree is wide open and I need to limit my users. I was able to do this with the old Java File Manager but this Perl version I am unable to do that. And the Module config has no way to restrict access either.
Any help is greatly appreciated.
Please help!!
Aletha Chrietzberg
alethad@unch.unc.edu
What kind of error message are you getting for these paths?
Hi Jamie,
Sorry for the delay, I replied to your email but it looks like you didn't get it.
I do not get any error at all. The parameters just do not seem to be working.
I've set the restrictive PATH on each user id.
Any help is greatly appreciated.
Can you post a screenshot of the page that isn't working?
Hi Jamie. I posted screenshots and other info but I still need help with this issue on the perl version of File Manager and the Webmin Users page >Permissions for all modules > Root directory for file chooser & Other directories allowed PATH parameters
If you need to talk to me on the phone I am available. Or email me directly at alethad@unch.unc.edu.
I am getting anxious to getting this resolved or a better work around if possible.
Thanks.
This is from the Edit Users >> Permissions for All Modules
I have users set for /epic as the root start of the access and that does notwork either. I am trying to limit my users to the PATH /epic/nonprdfiles. And it doesn't matter how I set the parameters in the "Permissions for All Modules" the user is put at /(root) forcing them to drill down to the desired PATH.
Try the accordion above, with name Available Webmin modules and at the bottom click on Tools > File Manager link. This is where you control File Manager acls.
I don't understand where you are talking about. Are you referring to the The Available Webmin modules in the Edit Users? Or are you talking about the File Manager itself?
I have not found any place to restrict user id's to a certain PATH.
Correction/clarification. I have always edited the "Permissions for All Modules" on each user to restrict the "root directory" and "Other visible directories" where to place the user in the file structure when using the Java File Manager. This locks the user down to a specific PATH or PATHs. But the new Perl Version does not use these parameters on the user id apparently because the user is put at the root(/) level in File Manager forcing them to drill down to their desired PATH. I have non-Unix users that I DO NOT want to have access to any PATH but what I give them access to.
I can find nothing in the new Perl Java File Manager that does any lockdown. The only control I see in the new File Manager is the bookmarks. BUT this still gives my non-Unix users access to root(/) and the whole file structure still forcing them to drill down to the desired PATH.
I really need to avoid all PATH's except what I want my users to see.
How can I accomplish locking down my users?
Thanks.
Yes, same page, previous accordion.
Perhaps you would be interesting in using new feature called Create a new safe user under Webmin > Webmin Users.
We recommend installing latest Webmin 1.970.
Then have a look to what have already been mentioned - the accordion above, with name Available Webmin modules and at the bottom click on Tools > File Manager link, and use Access files as Unix user feature.
Does it work for you?
Thanks for the quick reply. I do not see any accordion on the "Available Webmin Modules" in Edit Users nor a Tools button/link at the bottom of that page.
Can you send me a screenshot to show me where I'm supposed to be? I must be misunderstanding something. Sorry for the trouble.
Diff:
Attached two screenshots.
Check the attached screenshots and on older Webmin versions Tools were Others.
Please upgrade Webmin to the latest version.
The attachments didn't come thru.
Do I need to have a certain theme turned on to see the Tools on that page? After I upgraded to V1.953 I had to switch to the Authentic Theme to get the accordion option to show up in the perl File Manager.
Thanks.
Hey Ilia, I think I may have misunderstood what you're referring to. Are you talking about File acls & permissions or PATHs? I'm talking about PATHs or access to the actual directories & filesystems.
Sorry if I misled you.
Does anyone have any idea if the user permissions parameters can be set to work again? I have not heard from anyone.
Any update at all?
You can directly edit user permissions by editing the file in /etc/webmin/filemin starting with the username with a .acl extension.
Hi Jamie,
Thanks for the reply.
Hope you are doing well.
I looked at a couple of user's .acl file. My users are showing that the PATH should be restricted. But the Perl File Manager is not recognizing it.
Here is the contents of my user id where the restrictions show 2 PATH's. I went to File Manager and my user id is put on root(/). I took out the home directory in the alethad.acl file and I still got put on the root(/) level. No change.
allowed_for_edit=application-x-php application-x-ruby application-xml application-javascript application-x-shellscript application-x-perl application-x-yaml
noconfig=0
work_as_user=
max=
allowed_paths=/home/kpelleti /epic/nonprdfiles
work_as_root=1
I have never set that home directory you see in the .acl file as one of my PATH's. I went into The User module to remove that bogus PATH. The .acl file in the Filemin directory did not change. It still shows both PATH's. Which means I have to edit that file.
So where are my changes within Webmin Users module getting save to? Or are they getting saved at all?
Please advise. Or tell me if I am missing something.
Thanks so much.
Are those Webmin privileged users or Webmin safe users? Webmin privileged users are root capable users and access restrictions are going to be ignored.
Jamie, perhaps the improvement would be here is to hide or disable UI elements for root capable users to avoid confusion?
Yeah, if the user you're logging in as is named
root, no path restrictions apply.I have my users set as their own user id(OS) or set to their Webmin user id which is the same as their OS user. Both are set to browse files as their own user id not root.
The screenshot I sent early on is shows one of these users is set to browse files as their Webmin id.
So what do I need to change? I'm not sure I understand.
Have you tried creating new safe Webmin user for those already existing Unix users on ** Webmin > Webmin Users** page?
I looked at the safe user before but I did not see any of my Custom Categories were included in the choices to allow permission to access. Or is there a way to include my Custom Categories?
I just tried to add a test3 user id for testing using the group option and I got an error. I have always been able to create user id's that are not real users. So I guess safe users are an exception?
Failed to save user : The username 'test3' is not a Unix user, and so cannot be used in safe mode
Yes, safe user expects correspondent existing Unix user.