Menu
▾
▴
Re: [webmin-l] Webmin security issue
|
From: Waleed A. <w....@gm...> - 2017-04-24 11:09:15
|
I deleted the users from the sudoers group. I granted then an access to the File Manager module in webmin, and the surprise is that they still can access other users's files including .profile and everything which they cannot access through the ssh! On Mon, Apr 24, 2017 at 1:26 AM, Andrey Repin <anr...@ya...> wrote: > Greetings, Waleed Alsanie! > > >>Sudo-capable users having full root access in Webmin is expected .. > >>because they can run any command as root when logging in via SSH, > >>there's no security risk to them having root access in Webmin as well. > > > Thanks Jamie, > > But they do not login via SSH. > > Doesn't matter. > > > We installed Webmin to allow them to use it instead of ssh. > > Then let them use it. Why you're using wrong tools and demand them to work > in > the "right way"? > > >>The first question is WHY these users have sudo access in first place? > > We want them to manage some activities in the server > > So, DO THAT. Don't substitute one (system sudo) for another (webmin > permissions). > > > -- > With best regards, > Andrey Repin > Monday, April 24, 2017 01:25:13 > > Sorry for my terrible english... > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > - > Forwarded by the Webmin mailing list at webadmin-list@lists. > sourceforge.net > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > |
