Installed via http link and Webmin which was already running perfectly on my system (Debian 4).

Once I'd got Virtualmin installed I had to log out to get it to show in the Webmin Servers section then I activated it and set the user to root. Imported an existing virtual server test.mydomain.com and logged out as I wanted to see what effect switching the VS over to be handled by Virtualmin would have on what I could see in Webmin. Relogged in and found I've got almost no access to any part of Webmin any more... and it logs in by default to test.mydomain.com instead of mydomain.com even though the browser url is set to mydomain.com:10000!

Root user now only has access to a limited subset of Webmin (Change Language and Theme), System (change pass, run process, scheduled commands, schedule cron job), Servers (Apache and Virtual Email) and finally Other (File Manager, Protected Web Directories and SSH/Telnet).

I immediately thought about uninstalling it except I Googled and can't find anything to tell me how to do that and get my old Webmin features back. Read the uninstall hint here but it says it will uninstall Virtualmin, Webmin and Usermin and I don't want that.

Searched here and googled for info on how to set root user up so it had TOTAL access to EVERYTHING... can't find anything on that either.

I'm assuming the root.acl file plus something else manages all of this interaction between root user and Webmin with Virtualmin and that somewhere there is a way of fixing my problem... but I can't even find anything that describes each of the settings listed in root.acl...

So where do I go from here?... any pointers to help files, lists of settings etc gratefully received. Would deleting the root.acl file return control to the Webmin root user?

Edit /etc/webmin/webmin.acl

Find the root: line, and replace with:

Code:

root: backup-config change-user translator usermin virtualmin-notes server-manager webminlog webmin servers acl bacula-backup init passwd quota mount fsdump ldap-client ldap-useradmin logrotate mailcap mon pam proc at cron sentry software inittab desktop man syslog useradmin virtualmin-init security-updates virtualmin-awstats apache bind8 pserver dhcpd dovecot fetchmail frox jabber majordomo mysql openslp postfix postgresql proftpd procmail qmailadmin mailboxes sshd samba sendmail spam sarg squid virtualmin-google-analytics virtualmin-mailman virtualmin-svn virtual-server virtual-server-gpl wuftpd webalizer adsl-client bandwidth ipsec krb5 firewall exports nis net nettools pap ppp-client pptp-client pptp-server stunnel shorewall virtualmin-registrar idmapd filter burner grub raid lvm fdisk lpadmin smart-status time vgetty cluster-passwd cluster-copy cluster-cron cluster-shell cluster-software cluster-usermin cluster-useradmin cluster-webmin cfengine heartbeat shell custom extjs file tunnel phpini php-pear cpan htaccess-htpasswd ruby-gems telnet status updown virtualmin-dav virtualmin-htpasswd virtualmin-slavedns virtual-server-svn dfsadmin dnsadmin inetd ipfilter ipfw lilo smf syslog-ng xinetd virtualmin-oracle virtualmin-mysqluser virtualmin-signup exim ldap-server

Restart Webmin.

Don't specify root as the owner of virtual servers in the future (it makes no sense--root owns everything on the server.

But, you're not alone. It happens every couple of weeks...I thought it was impossible to do in recent versions, but I guess we haven't actually fixed it.

Oh, yeah...You'll also need to use the Webmin:Webmin Users module to re-grant "root" access to everything in the Virtualmin Virtual Servers module, the Apache module, the BIND module, and the MySQL and/or PostgreSQL module. Maybe also in the Read Mail module.

A virtual server owner is a pretty heavily restricted account type, and so it imposes a lot of restrictions in a lot of places if you convert root into such a user.

Joe wrote:
Edit /etc/webmin/webmin.acl
Restart Webmin.


Thanks Joe!... that was easy enough, just a matter of knowing where to start and what to put in...

Don't specify root as the owner of virtual servers in the future (it makes no sense--root owns everything on the server.

But, you're not alone. It happens every couple of weeks...I thought it was impossible to do in recent versions, but I guess we haven't actually fixed it.

Yes I see that now... however in explanation I should advise that when I'd installed Virtualmin and then went to import the test.mydomain.com site, "root" was automatically inserted into the Administrator name field (presumably because I was, at the time, logged into Webmin/Virtualmin as root) and, as we so often do these days, I left it there with out thinking about the consequences.

I found a hint on the web that indicated that if I granted root acl access only, via Webmin, ignoring the warning that root should not be altered as it was managed from Virtual Email, I would be able to log in and reset privs - it didn't actually work but as I had previously set up another user anyway I simply shelled in and set all that user's settings to "1" in the /virtual-server/username.acl file for that user and got back access to a large part of the administration menus, etc., and snooped around to see what I could change while waiting to see if anyone answered my post.

To date, I've still not found a way to change the Administrator and ownership of test.mydomain.com and root user is still "managed" by VirtualEmail Server... in fact I'm not seeing any reference to the Virtualmin Virtual Servers module mentioned in your second post and my "other" privileged user is still told root is managed by VirtualEmail and that it should not be edited in Webmin.

I'm still looking for a way to change the ownership of the test domain or a way to delete it completely and start from fresh... I've had a snoop around and noted both Webmin and Virtualmin have acl files for the three users on the system plus the webmin.acl file I've already edited. I've also noted that the acl files in Webmin contain the line [desc_virtual-server=Virtual Email] without the square brackets - does this need changing?

I'm running Debian 4, prior to installing Virtualmin GPL I upgraded to Webmin 1.410.

Yes I see that now... however in explanation I should advise that when I'd installed Virtualmin and then went to import the test.mydomain.com site, "root" was automatically inserted into the Administrator name field (presumably because I was, at the time, logged into Webmin/Virtualmin as root) and, as we so often do these days, I left it there with out thinking about the consequences.

Your browser did that. It's not filled in, by default.

To date, I've still not found a way to change the Administrator and ownership of test.mydomain.com and root user is still "managed" by VirtualEmail Server... in fact I'm not seeing any reference to the Virtualmin Virtual Servers module mentioned in your second post and my "other" privileged user is still told root is managed by VirtualEmail and that it should not be edited in Webmin.

Virtual Email is the highly restrictive version of Virtualmin--basically, it is Virtualmin Virtual Servers, but since in that mode you can only edit mail boxes, it changes its name to something somewhat more sensible. Kind of. This mode probably should not be the default permission granted to new virtual server owners, as it's rarely what people want...but it's kind of the "least privilege" path, and we assume people will all have different ideas about what else they want their virtual server owners to be able to do.

I'm not sure what else you would need to do, other than use the Webmin Users module to grant full access to all of the modules I listed above (are you sure you actually tried to use the Webmin Users module? I'm thinking you went to the System Users and Groups module...but I might be wrong).

Yes definitely using Webmin/Webmin/Webmin Users

root is there but I'm told its managed by VirtualEmail when I click on the root user... "This Webmin user should not be edited as it is managed by the Virtual Email module. Click here to bypass this warning and edit the user anyway - but beware that any manual changes may be over-written!"... my other user gets the full range of options showing up under Webmin Users [Webmin User access rights, User Interface Options, Security and Limits Options and Available Webmin Modules]

BTW how does one get access to a less restricted version of Virtualmin than the Virtual Email version? I don't recall being given any options to set up a less restricted version...

Thanks for all your help so far... I'm thinking it might be quicker to completely wipe my server and reinstall Debian etc and start with a totally clean slate... the time involved might work out to be less in the end... as usual I'm speaking from the position of a novice Virtualmin user....