These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for user confinement on the new forum.
Web Hosting and Cloud Computing Control Panels
BUT every admin can manage every virtual server where I would like them to manage only their own server.
Well, I'd expect that to be the case when dealing with a set of Sub-Servers.
That is, if you create example.com -- and then create two Sub-Servers under example.com -- the admins for any of those would be able to manage all of them.
Those admins should not, however, be able to edit top-level Virtual Servers that aren't at all related to example.com and the Sub-Servers therein.
Does that help at all? Does it still sound like things aren't working as you'd expect?
-Eric
type / domain / admin login
top / domain.com / domain_admin
sub / domain.fr / domain_admin
sub / domain.eu / domain_admin
top / testAdomain.fr / testAdomain_admin
top / testBdomain.com / testBdomain_admin
sub / sub1.testBdomain.com / testBdomain_admin
if I want testAdomain_admin to be able to manage email/ssh/ftp user for his domain, I give him virtualmin access
but if he has virtualmin access he can also manage testBdomain.com, domain.com and every domain available on my server :(
that's weird
Hrm.
That's certainly not expected behaviour :-)
Does the user in question by chance have sudo access setup in the /etc/sudoers file?
That's the only thing I can think of that might cause what you're seeing.
Otherwise, I'd probably need to take a look...
-Eric
well, each admin is in his own group
sudoer are only root or %admin (admin group)
but groups testAdomain_admin
gives only testAdomain_admin
not in admin group
Alright, it's really hard to say at this point;
I'm not sure if it's a bug, feature, or configuration problem that you're seeing :-)
To be of much assistance, I'd probably need to see at least two top-level domains in question, and the info for the admins who are supposed to be able to control them.
What I'd be interested in is their /etc/passwd entries, everything relevant in /etc/group, and the full sudoers file.
However, that's starting to get a bit complex to post in here -- so I'm wondering if you'd mind if I logged into your system to take a peek.
If that's okay, you can send an email to eric@virtualmin.com, including:
Root login details
A link to this forum thread in the message body.
Login information for two Virtual Server admins who should only have access to their own stuff, but instead can manage things they shouldn't.
I think that about covers it!
Thanks,
-Eric
with 3 domains with theyr 3 admin account