Webmin Access Control

Webmin has always had the ability to support multiple users, each limited to a subset of the available modules. This can be useful for delegating certain administrative tasks to other people, but has been limited by the power of even seemingly harmless modules. For example, a user with only access to the Scheduled Cron Jobs module would still have access to the entire system by creating cron jobs to be run as root. Version 0.71 gives the master admin the power to further limit what other users can do. When the name of a module assigned to a user in the Webmin Users module is clicked on, a list of more fine-grained privileges for will be displayed (if available). For example, the additional access control options for the Scheduled Cron Jobs module allow the administrator to limit which Unix users another Webmin user can manage cron jobs for. Not all modules yet have additional access control options, mostly because fine-grained control is not useful. Modules with additional controls are : Apache Webserver Users can be limited to configuring certain virtual servers. BIND 4/8 DNS Server Can limit which DNS zones users can edit records in. Scheduled Cron Jobs Can configure which Unix users cron jobs can be created and edited for. Partitions on Local Disks Users can be allowed to only partition certain disks. File Manager Can configure the Unix user files are accessed as. Bootup and Shutdown Actions Can allow users to only reboot or shutdown the system. Majordomo List Manager Users can be limited to managing selected lists only. Running Processes Can configure the Unix user processes are started or killed as. Disk Quotas Can allow the configuration of quotas only for selected users or groups. Sendmail Configuration Users can be limited to certain sendmail features, aliases and domains. Users, Groups and Passwords The Webmin user can be allowed to edit only certain users and groups, to assign users to selected groups only, and to create users with UIDs above some minimum.