In Virtualmin, if I have a customer whose UID:GID is custid:custid, and there are e-mail accounts on the domain whose UID:GID values are mail1.custid:custid, mail2.custid:custid, etc., it would seem to me that the domain owner would be able to create/delete/inspect the files found in each of the mail user accounts (in the /home/mail1, /home/mail2, ... directories).
In my /etc/proftpd.conf file, I've set:
Umask 007
When user directories are created via Virtualmin (Edit Mail and FTP Users), the directory created (e.g., /home/mail1) has mode 0700. Of course, then the domain owner can't log in as the domain owner and read/write files and directories.
I'd like the account owner to be able to have complete access to all content within the account (all domains, all home areas, etc.).
What do I need to do to make this work?
Any ideas on how a domain owner can read/write into mail users' directories? Go ahead, prove you're a Virtualmin god or goddess!
I've done some work on the code and I've found a solution. It amounts to modifying the file:
/usr/libexec/webmin/virtual-server/virtual-server-lib-funcs.pl
in the function:
set_usermin_imap_password
The solution was to replace every occurrence of 0700 with 0770, and every occurrence of 0600 with 0660. In addition to this, the file:
/etc/proftpd.conf
needed to be modified. It needs to have the directive:
Umask 007
If absent, add it; if there is another value (e.g., 027), then change it to 007.
With those two changes, the account (top-level server) owner can now read and write files that belong to users created via Edit Mail and FTP Users.
It would be nice if there were a GUI that allows one to choose one mode or the other. It might have to be a solution that applies to all domains. But, if the Virtualmin team can figure out an even more elegant way to do this, it would be a big help for people who want the top-level server user to have the ability to read and write all files in the account.
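
A check an administrator could run after making the change described above, added here as an example (it is not part of the thread and not Virtualmin code). It confirms that a mail user's home is group-accessible (0770/0660) to the domain owner's group and that nothing is open to "other"; the function names and finding labels are made up for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not Virtualmin code): audit one mail user's home directory
# after the 0770/0660 + "Umask 007" change described in the thread.

# audit_home DIR GROUP
# Prints one finding per line and returns 1; returns 0 when DIR is clean.
audit_home() {
    dir=$1; group=$2
    findings=$(
        # Any "other" permission bit: Umask 007 should leave none.
        find "$dir" \( -perm -001 -o -perm -002 -o -perm -004 \) -print | sed 's/^/WORLD_ACCESS /'
        # Directories missing group rwx (e.g. still 0700): domain owner is locked out.
        find "$dir" -type d ! -perm -070 -print | sed 's/^/DIR_NOT_GROUP_RWX /'
        # Regular files missing group rw (e.g. still 0600).
        find "$dir" -type f ! -perm -060 -print | sed 's/^/FILE_NOT_GROUP_RW /'
        # Entries whose group is not the domain owner's group.
        find "$dir" ! -group "$group" -print | sed 's/^/WRONG_GROUP /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample: build a constructed tree in a temp dir and print its path.
# "mail1" mimics the 0700/0600 layout from the thread, "mail2" the 0770/0660 one.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/mail1/Maildir" "$root/mail2/Maildir"
    : > "$root/mail1/Maildir/msg"; : > "$root/mail2/Maildir/msg"
    chmod 0700 "$root/mail1" "$root/mail1/Maildir"
    chmod 0600 "$root/mail1/Maildir/msg"
    chmod 0770 "$root/mail2" "$root/mail2/Maildir"
    chmod 0660 "$root/mail2/Maildir/msg"
    printf '%s\n' "$root"
}

# Demo on the constructed tree. The numeric GID of the temp dir stands in for
# the customer's group (custid in the thread).
sample=$(make_sample)
grp=$(ls -ldn "$sample" | awk '{print $4}')
for u in mail1 mail2; do
    if audit_home "$sample/$u" "$grp" >/dev/null; then echo "$u: ok"; else echo "$u: findings"; fi
done
rm -rf "$sample"
```

On a real server the call would be of the form audit_home /home/mail1 custid, using the paths and group from the posts above.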