From: John H. <web...@ew...> - 2010-09-20 15:58:42
|
In the 'prevent ourselves from being our own worst enemy department', I don't seem to be able to set up a limited admin user who can disable a virtuser without also having delete virtuser abilities, along with some other dangerous options. So, for instance, our 'Accounting' department has too much power IMO. I would like for them to be able to disable a site, which often times immediately leads to payment being made at which point Accounting should be able to enable the site. Perhaps a user than can look at about anything, maybe reset passwords, upgrade hosting plans, but have no 'delete' abilities. And Jamie... I mentioned this before, but Usermin is over the heads of most of our actual 'Users'. I just read the article posted a few minutes ago and it alluded to the same thing. Yes, for someone a bit proficient with computers, they might be able to figure out what the stuff means, and yes, it is light years ahead of expecting a user to even know what 'command line' is. There are a lot of great tools available in there, yet I absolutely know the danger factor more than offsets the usefulness for the majority of 'our' users. Maybe a DumbUserMin module? Just my general thinking here while trying to fill our client's needs, but maybe this is all just a pipe dream? And no, we don't want it to be a Windows Wizard (it's magic if it works) either. I was wondering if any consideration of supporting Amavisd might be on the radar screen? I've been really impressed with the reduction in mail server loads running this as a front end. And, so there's my ramblings for the moment. John Hinton |
From: Jamie C. <jca...@we...> - 2010-09-21 05:13:39
|
On 20/Sep/2010 08:58 John Hinton <web...@ew...> wrote .. > In the 'prevent ourselves from being our own worst enemy department', > I don't seem to be able to set up a limited admin user who can disable a > virtuser without also having delete virtuser abilities, along with some > other dangerous options. So, for instance, our 'Accounting' department > has too much power IMO. I would like for them to be able to disable a > site, which often times immediately leads to payment being made at which > point Accounting should be able to enable the site. Perhaps a user than > can look at about anything, maybe reset passwords, upgrade hosting > plans, but have no 'delete' abilities. So you are thinking of a user who has access to all domains, but can only perform a few actions in those domains? > And Jamie... I mentioned this before, but Usermin is over the heads of > most of our actual 'Users'. I just read the article posted a few minutes > ago and it alluded to the same thing. Yes, for someone a bit proficient > with computers, they might be able to figure out what the stuff means, > and yes, it is light years ahead of expecting a user to even know what > 'command line' is. There are a lot of great tools available in there, > yet I absolutely know the danger factor more than offsets the usefulness > for the majority of 'our' users. Maybe a DumbUserMin module? Just my > general thinking here while trying to fill our client's needs, but maybe > this is all just a pipe dream? And no, we don't want it to be a Windows > Wizard (it's magic if it works) either. There is actually a package I created sort-of like this already, called Usermin for Webmail. Since 99.9% of users only use it to read email, I packaged up a special version with a nicer theme and an initial configuration that limits the modules available. You can get it from http://www.webmin.com/udownload.html > I was wondering if any consideration of supporting Amavisd might be on > the radar screen? I've been really impressed with the reduction in mail > server loads running this as a front end. I haven't looked into this yet, sorry .. - Jamie |
From: John H. <web...@ew...> - 2010-09-21 15:07:12
|
On 9/21/2010 1:13 AM, Jamie Cameron wrote: > On 20/Sep/2010 08:58 John Hinton<web...@ew...> wrote .. >> In the 'prevent ourselves from being our own worst enemy department', >> I don't seem to be able to set up a limited admin user who can disable a >> virtuser without also having delete virtuser abilities, along with some >> other dangerous options. So, for instance, our 'Accounting' department >> has too much power IMO. I would like for them to be able to disable a >> site, which often times immediately leads to payment being made at which >> point Accounting should be able to enable the site. Perhaps a user than >> can look at about anything, maybe reset passwords, upgrade hosting >> plans, but have no 'delete' abilities. > So you are thinking of a user who has access to all domains, but can > only perform a few actions in those domains? Yes Jamie. For instance a person in the 'Accounting Department' who needs to disabled a website for non-payment, but really doesn't have much knowledge about the servers. They in particular need to be able to operate the 'Disable' and then the 'Enable' button. But I don't want them to mistakenly click the 'Delete' button. (A for instance here is 'Accounting' might think a client has left, but not have the knowledge to determine that they moved their website, but not their email. Obviously, this client/Vhost should not be deleted.) This 'Accounting' user would need access to any Vhost on a server. And, as a low level admin type user, if they could see things like passwords for any account, that would be good as well and maybe even re-send the Virtual Server Created emails and email box created/updated emails. Often times Accounting is asked for this type of information. I just don't want them to have any delete abilities. >> And Jamie... I mentioned this before, but Usermin is over the heads of >> most of our actual 'Users'. I just read the article posted a few minutes >> ago and it alluded to the same thing. Yes, for someone a bit proficient >> with computers, they might be able to figure out what the stuff means, >> and yes, it is light years ahead of expecting a user to even know what >> 'command line' is. There are a lot of great tools available in there, >> yet I absolutely know the danger factor more than offsets the usefulness >> for the majority of 'our' users. Maybe a DumbUserMin module? Just my >> general thinking here while trying to fill our client's needs, but maybe >> this is all just a pipe dream? And no, we don't want it to be a Windows >> Wizard (it's magic if it works) either. > There is actually a package I created sort-of like this already, called > Usermin for Webmail. Since 99.9% of users only use it to read email, > I packaged up a special version with a nicer theme and an initial configuration > that limits the modules available. You can get it from http://www.webmin.com/udownload.html > OH... I missed that! I'll be sure to take a look! Thanks. >> I was wondering if any consideration of supporting Amavisd might be on >> the radar screen? I've been really impressed with the reduction in mail >> server loads running this as a front end. > I haven't looked into this yet, sorry .. Well, Jamie, it's not like there aren't tens of thousands of packages out there. ;) We don't expect you to be Superman! Thanks for your response. John > - Jamie > > ------------------------------------------------------------------------------ > Start uncovering the many advantages of virtual appliances > and start using them to simplify application deployment and > accelerate your shift to cloud computing. > http://p.sf.net/sfu/novell-sfdev2dev > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: Jamie C. <jca...@we...> - 2010-09-21 19:40:51
|
On 21/Sep/2010 08:07 John Hinton <web...@ew...> wrote .. > On 9/21/2010 1:13 AM, Jamie Cameron wrote: > > On 20/Sep/2010 08:58 John Hinton<web...@ew...> wrote .. > >> In the 'prevent ourselves from being our own worst enemy department', > >> I don't seem to be able to set up a limited admin user who can disable a > >> virtuser without also having delete virtuser abilities, along with some > >> other dangerous options. So, for instance, our 'Accounting' department > >> has too much power IMO. I would like for them to be able to disable a > >> site, which often times immediately leads to payment being made at which > >> point Accounting should be able to enable the site. Perhaps a user than > >> can look at about anything, maybe reset passwords, upgrade hosting > >> plans, but have no 'delete' abilities. > > So you are thinking of a user who has access to all domains, but can > > only perform a few actions in those domains? > > Yes Jamie. For instance a person in the 'Accounting Department' who > needs to disabled a website for non-payment, but really doesn't have > much knowledge about the servers. They in particular need to be able to > operate the 'Disable' and then the 'Enable' button. But I don't want > them to mistakenly click the 'Delete' button. (A for instance here is > 'Accounting' might think a client has left, but not have the knowledge > to determine that they moved their website, but not their email. > Obviously, this client/Vhost should not be deleted.) This 'Accounting' > user would need access to any Vhost on a server. And, as a low level > admin type user, if they could see things like passwords for any > account, that would be good as well and maybe even re-send the Virtual > Server Created emails and email box created/updated emails. Often times > Accounting is asked for this type of information. I just don't want them > to have any delete abilities. Ok, I see .. Currently there is no way to set this up using Virtualmin permissions. The closest you could get would be to use the Custom Commands module to create a button with a single parameter (called dom) whichs runs the command : virtualmin disable-domain --domain $dom You could even make that dom parameter a menu, with the list of available options coming from the command : virtualmin list-domains --name-only Once this is done, you can create a Webmin user who has only access to the Custom Commands module, cannot edit commands, and can run only that one. - Jamie |