From: Martin M. <mm...@ag...> - 2003-11-10 12:47:47
|
Howdy, I think there is a bug in this module. Conception: If you log in to Webmin with "UserA:PasswdA" and want to create such a Directory it is ok to show "/" as Start-Dir for the Webmin-Administrator. I think it is not ok to show "/" as Start-Dir for a low-leveled User like "UserB:PasswdB", isn't it. In addition and if "UserB:PasswdB" is trustworthy "UserC:PasswdC" may is not and has the ability to delete the settings of "UserB:PasswdB" Solution: Do not make "Protected Web Directories" available to Users on your system you do not trust, because everyone can safely delete other one's settings. Wish: If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to his ~/. while using this module. hth -- bis dahin - kind regards Martin Mewes --=20 http://webmin.mamemu.de/ Official Webmin/Usermin Translation Co-Ordinator 2003/2004 Proud Agent 2.0 Beta Tester |
From: Jamie C. <jca...@we...> - 2003-11-10 22:01:49
|
Already possible - just go to the Webmin Users module and click on Protected Web Directories next to a username. You can set a different allowed root directory for each user, and a user to create .htaccess files as. This way different users can be protected from each other .. - Jamie On Mon, 2003-11-10 at 23:47, Martin Mewes wrote: > Howdy, > > I think there is a bug in this module. > > Conception: > If you log in to Webmin with "UserA:PasswdA" and want to create such a > Directory it is ok to show "/" as Start-Dir for the > Webmin-Administrator. > > I think it is not ok to show "/" as Start-Dir for a low-leveled User > like "UserB:PasswdB", isn't it. > > In addition and if "UserB:PasswdB" is trustworthy "UserC:PasswdC" may > is not and has the ability to delete the settings of "UserB:PasswdB" > > Solution: > Do not make "Protected Web Directories" available to Users on your > system you do not trust, because everyone can safely delete other > one's settings. > > Wish: > If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to > his ~/. while using this module. > > hth -- > > > bis dahin - kind regards > > Martin Mewes |
From: Martin M. <mm...@ag...> - 2003-11-11 06:29:12
|
Hi Jamie, Jamie Cameron <jca...@we...> wrote: >Already possible - just go to the Webmin Users module and click on >Protected Web Directories next to a username. You can set a different >allowed root directory for each user, and a user to create .htaccess >files as. This way different users can be protected from each other .. Sure ... and I did that. But >> Wish: >> If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to >> his ~/. while using this module. This should be a deafult behaviour and not to be "patched" afterwards. Isn't that possible? bis dahin - kind regards Martin Mewes --=20 http://webmin.mamemu.de/ Official Webmin/Usermin Translation Co-Ordinator 2003/2004 Proud Agent 2.0 Beta Tester |
From: Jamie C. <jca...@we...> - 2003-11-11 11:20:53
|
On Tue, 2003-11-11 at 17:29, Martin Mewes wrote: > Hi Jamie, > > Jamie Cameron <jca...@we...> wrote: > > >Already possible - just go to the Webmin Users module and click on > >Protected Web Directories next to a username. You can set a different > >allowed root directory for each user, and a user to create .htaccess > >files as. This way different users can be protected from each other .. > > Sure ... and I did that. > But > > >> Wish: > >> If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to > >> his ~/. while using this module. > > This should be a deafult behaviour and not to be "patched" afterwards. > Isn't that possible? I could add an ACL option to include the current user's home directory .. that would make it easier. - Jamie |
From: Martin M. <mm...@ag...> - 2003-11-11 12:46:03
|
Hi Jamie, Jamie Cameron <jca...@we...> wrote: >> >> Wish: >> >> If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to >> >> his ~/. while using this module. >>=20 >> This should be a deafult behaviour and not to be "patched" afterwards. >> Isn't that possible? > >I could add an ACL option to include the current user's home directory >.. that would make it easier. Now that I have looked a little bit more into this I found out that the same behaviour is in some other modules if you use VirtualMin which allows some modules by default. So want to start up a talk about useful default's for Modules. This is what I did against the defaults ###################################################################### Edited via "Webmin Users" Global ACL Root directory for file chooser Manually set to "User's home directory" Users visible in user chooser Manually set to "Only Users - fischer" Groups visible in group chooser Manually set to "Only Groups - fischer" In fact I set it to the User/Group the Directory is set for. ###################################################################### Custom Commands Can edit module configuration? Manually set to "no" Commands this user can run Is it possible to enable another option? "Only installed and edited by $user" where $user is the Non-Root-User which uses this Module. In this case a user can setup his own stuff which will be running with his user credentials and nothing else in the beginning. ###################################################################### =46ile Manager Access files on server as user Manually set to "$username" Only allow access to directories Manually set to "$homedir" "Include home directory of Webmin user" and "Open first allowed directory?" are active by default. ###################################################################### MySQL Database Server Login to MySQL as Password is shown in Clear-Text! Backup file directory Manually set to "$homedir" ###################################################################### Protected Web Directories (not part of VirtualMin), but would be nice. Create .htaccess and htusers files as Unix user Manually set to "$username" Allowed directories Manually set to "$homedir" ###################################################################### Upload and Download Can upload and download files as users Manually set to "$username" Can upload and download files to directories Manually restricted to "$homedir" "Include current Webmin user's home directory" is active by default. ###################################################################### Webalizer Logfile Analysis I see that I have changed the name of the logfile in the WebAlizer-Module, but it is not shown here. So the User is editing a LogFile-Report which does not exist. ###################################################################### It would be nice to have a feature to apply certain settings to all users (except webmin-admin) via template. So I could setup "my defaults" and then apply them to a group of users or to a selection of users. bis dahin - kind regards Martin Mewes --=20 http://webmin.mamemu.de/ Official Webmin/Usermin Translation Co-Ordinator 2003/2004 Proud Agent 2.0 Beta Tester |
From: Jamie C. <jca...@we...> - 2003-11-11 22:07:46
|
On Tue, 2003-11-11 at 23:45, Martin Mewes wrote: > Hi Jamie, > > Jamie Cameron <jca...@we...> wrote: > > >> >> Wish: > >> >> If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to > >> >> his ~/. while using this module. > >> > >> This should be a deafult behaviour and not to be "patched" afterwards. > >> Isn't that possible? > > > >I could add an ACL option to include the current user's home directory > >.. that would make it easier. > > Now that I have looked a little bit more into this I found out that > the same behaviour is in some other modules if you use VirtualMin > which allows some modules by default. So want to start up a talk about > useful default's for Modules. > > This is what I did against the defaults > [ stuff deleted ] Virtualmin does set a lot of those module access control settings already, such as in the File Manager and MySQL modules. The next release of Virtualmin (due soon) will set the Global ACL and Protected Web Directories access control settings as well, in the same way that you did. One planned feature that I haven't gotten around to yet is allowing the creating of a Webmin group that specifies access control settings for various modules. Each virtual server user would then be a member of that group, and thus inherit it's permissions .. this would give the master admin more flexibility to control who gets access to what, instead of using Virtualmin's built-in defaults. - Jamie |
From: Martin M. <mm...@ag...> - 2003-11-12 06:57:56
|
Hi Jamie, Jamie Cameron <jca...@we...> wrote: >> This is what I did against the defaults >> [ stuff deleted ] > >Virtualmin does set a lot of those module access control settings >already, such as in the File Manager and MySQL modules. The next release >of Virtualmin (due soon) will set the Global ACL and Protected Web >Directories access control settings as well, in the same way that you >did. k3wl ;-) >One planned feature that I haven't gotten around to yet is allowing the >creating of a Webmin group that specifies access control settings for >various modules. Each virtual server user would then be a member of that >group, and thus inherit it's permissions .. this would give the master >admin more flexibility to control who gets access to what, instead of >using Virtualmin's built-in defaults. Great :-) Good news ... tia -- bis dahin - kind regards Martin Mewes --=20 http://webmin.mamemu.de/ Official Webmin/Usermin Translation Co-Ordinator 2003/2004 Proud Agent 2.0 Beta Tester |