Reseller Options disappeared

5 posts / 0 new
Last post
#1 Thu, 04/10/2008 - 10:49
richey@aicmail.net

Reseller Options disappeared

I just installed Virtualmin Pro on two servers running ubuntu. One one server I created a test domain and a test reseller account so I could demo it for the sales and web dev guys. When I created these accounts the reseller options disappeared.

I can still get to the reseller options on the other server that does not have any domains configured . When I am logged on the server with the missing reseller options my login says (Master admin) while the other server just shows my login name.

Thu, 04/10/2008 - 13:51
Joe
Joe's picture

You set the administrative user for your new virtual server to "root" which ripped out all of the privileges root normally has and gave him basic virtual server owner privileges.

You never need to assign ownership of a virtual server to root (in fact, it's nonsensical to do so, and I could have sworn we'd added a check to make it impossible a few revisions back...but I guess not). root, by default, has all privileges for all virtual servers. The new administrative user should be a NEW user explicitly for managing the virtual server in question (even if you only ever plan to login as root, you can just pretend that extra user doesn't exist).

To fix this login via ssh or command line, and edit the file /etc/webmin/webmin.acl, and change the root line to this:

root: backup-config change-user translator usermin virtualmin-notes server-manager webminlog webmin servers acl bacula-backup init passwd quota mount fsdump ldap-client ldap-useradmin logrotate mailcap mon pam proc at cron sentry software inittab desktop man syslog useradmin virtualmin-init security-updates virtualmin-awstats apache bind8 pserver dhcpd dovecot fetchmail frox jabber majordomo mysql openslp postfix postgresql proftpd procmail qmailadmin mailboxes sshd samba sendmail spam sarg squid virtualmin-google-analytics virtualmin-mailman virtualmin-svn virtual-server virtual-server-gpl wuftpd webalizer adsl-client bandwidth ipsec krb5 firewall exports nis net nettools pap ppp-client pptp-client pptp-server stunnel shorewall virtualmin-registrar idmapd filter burner grub raid lvm fdisk lpadmin smart-status time vgetty cluster-passwd cluster-copy cluster-cron cluster-shell cluster-software cluster-usermin cluster-useradmin cluster-webmin cfengine heartbeat shell custom extjs file tunnel phpini php-pear cpan htaccess-htpasswd ruby-gems telnet status updown virtualmin-dav virtualmin-htpasswd virtualmin-slavedns virtual-server-svn dfsadmin dnsadmin inetd ipfilter ipfw lilo smf syslog-ng xinetd virtualmin-oracle virtualmin-mysqluser virtualmin-signup

That should be all on one line.

Once that's done, you'll be able to log back into Webmin with most of roots privileges restored, and from there you can fix privileges via the UI.

Browse to Webmin:Webmin:Webmin Users

Click on the "root" user

Click on "Virtualmin Virtual Servers" in the "Servers" section

Click the button labeled "Reset to full access"

You'll probably need to do the same for the MySQL, PostgreSQL, Apache, BIND, and Postfix modules.

I'll file a bug to make sure this becomes an impossible mistake to make in the future. In the meantime, never assign ownership of a virtual server to "root" or a "Master Admin" level user--they already have all privileges of ownership, and by assigning them to be owner of the virtual server they get all of the restrictions of being a virtual server account holder imposed on them.

--

Check out the forum guidelines!

Thu, 04/10/2008 - 15:39 (Reply to #2)
richey@aicmail.net

I never logged in as root since the root account is locked under Ubuntu. I followed the same steps substituting my username for root and that seems to have fixed it.

Thanks!

Thu, 04/10/2008 - 17:10 (Reply to #3)
DanLong

You should be able to create an admin user in WEBMIN USER module with full rights that won't be locked out by Ubuntu.

Thu, 04/10/2008 - 17:11 (Reply to #4)
DanLong

Heck, if I'd scrolled down one more line I'd seen that you got it working. ;-)

Topic locked