Menu
▾
▴
Re: [webmin-l] Webmin security issue
|
From: Yehuda K. <ye...@ym...> - 2017-04-23 12:58:27
|
This isn't a security issue in Webmin. When you give a user sudo access, they can access any other user's home directory without Webmin. The whole purpose of sudo is to allow users to have root privileges. You probably want to manage your users directly in Webmin. First, you need to disable the option "Allow users who can run all commands via sudo to login as root". This potion is in Webmin on /acl/edit_unix.cgi Then you need to configure Webmin with how to synchronize users with Ubuntu. See the documentation: http://doxfer.webmin.com/Webmin/Webmin_Users - Y On Sun, Apr 23, 2017 at 8:14 AM, Waleed Alsanie <w....@gm...> wrote: > Hello all, > > I have just found a security issue in Webmin working under Ubuntu. People > with sudo access can access Webmin and then can view all the users' home > directories with their files. Even if the files are protected, they still > can be viewed by users with sudo access through webmin! > > Is there any solution to this? > > Regards, > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > - > Forwarded by the Webmin mailing list at webadmin-list@lists. > sourceforge.net > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > |
