Unix group for domain owners

5 posts / 0 new
Last post
#1 Sun, 08/20/2006 - 22:56
NicholasChua

Unix group for domain owners

Hi,

I would like to group all domain owners into www so i had created group www. In the server template, "my template", Unix user, i had set www as the selected group www for Default Unix group for domain owners. But everything i create a new domain, the group will be set to "domain.com", not www.

I tried to list the available groups by pressing the ... button beside the Selected group, it says error on page.

Is there a bug? If not, how do I have virtualmin create new domains with the group, www?

Thanks

Sun, 08/20/2006 - 23:02
Joe
Joe's picture

Hey Nicholas,

I suspect changing the group for all domains to a single group would be asking for a lot of trouble. It might be a bug that there is an option to change it. ;-)

Many aspects of Virtualmin expect there to be a group for each domain--users within the domain are added to the group, SuExec group is set to the group, and probably other stuff (though I don't know exactly what else, off the top of my head). You'll certainly lose the ability to use domain quotas in any reasonable way if you put everything into a single group.

What's your reason for doing it this way?

--

Check out the forum guidelines!

Sun, 08/20/2006 - 23:16
NicholasChua

Hi Joe,

Thanks for the fast reply.

I thought it will be neat to put websites under group called www and shellusers under group shells etc.

I also have other 4 templates which are hosting packages, for example 100mb, 200mb 500mb and 1000mb.

Those people who signed up the 100mb will be grouped together in 100mb and so on so forth for the others.

I guess the templates are for doing this, am i right?

I do not think by doing this, Virtualmin will break the domain quota etc. I want to get domains grouped together this way, but their ownership still belongs to the respective domain.

Please correct me if i am wrong.

best regards

Sun, 08/20/2006 - 23:54 (Reply to #3)
Joe
Joe's picture

Hey Nicholas,

<i>I guess the templates are for doing this, am i right?</i>

Yes, and I'm glad to see someone using Server Templates! It's like the best kept secret in Virtualmin, despite being a really powerful feature that sets it apart from all other similar products.

Anyway, creating hosting packages is exactly the goal of Server Templates (though it's quite a bit more advanced than that, since you can customize everything about the new domain--not just quotas, bandwidth usage, mailbox number, etc...you can also choose what services are available, scripts to install, and loads more). It makes setting up hosting for a wide range of customer types really fast.

<i>I do not think by doing this, Virtualmin will break the domain quota etc. I want to get domains grouped together this way, but their ownership still belongs to the respective domain.

Please correct me if i am wrong.</i>

I'm afraid you're wrong. ;-)

The domain user quotas will work fine, but the virtual server (including mailbox and shell user accounts within those domains) will not. Again, there are several other sneaky spots where you'll run into either security issues or issues maintaining a reasonable separation of domains. I believe you'll regret using groups in this way.

The &quot;group&quot; in this context is the UNIX primary group...which is quite limited, and its purpose is to allow shared ownership of resources between those users in the same group. You don't want domain owners sharing data with other domain owners, for example. Since sharing permissions between different domains and users within different domains is not the goal here, UNIX group membership probably isn't the right solution.

You could make use of secondary groups to do something like this, without breaking any functionality (I think), but I'm not sure I see the benefit of doing so, and you stil have the problem of making it possible for users within different domains to share data (accidentally, probably). If you just want to be able to keep up with who is a domain and who is a shell or mailbox user within the domains when looking at the group file, you can still tell--the domain will have its own username as its group name, while the users within the domains will have the domain as their group name. And, obviously, Virtualmin displays all of this data in an easy to understand fashion--if you're having trouble locating some piece of information about your users, let us know and we'll try to figure out a way to make it easier to find.

--

Check out the forum guidelines!

Mon, 08/21/2006 - 00:27 (Reply to #4)
NicholasChua

Hi Joe,

I got what you mean. Thanks for all the trouble.

best regards