16.7. Module Access Control

As Chapter 52 explains, it is possible to limit the features of this module that a particular Webmin user or group can access. For example, you may want to allow a user to edit only the host addresses list, or to be able to view settings only instead of editing them. To do this, create or edit a Webmin user who has access to the module, and then follow these steps:

In the Webmin Users module, click on Network Configuration next to the name of the user or group that you want to restrict. This will bring up the module access control form.

Change the Can edit module configuration? field to No, so that the user cannot configure the module to edit a host addresses file other than /etc/hosts.

The Can edit network interfaces? field determines which interfaces the user can see and edit. Setting it to Yes allows editing of all of them, while choosing No prevents the Network Interfaces page from being accessed at all.

If View only is chosen, all interfaces will be visible but the user will not be able to change any of their attributes. If Only interfaces is chosen, only those whose names (separated by spaces) are entered into the field next to it will be editable. All others will be only viewable.

If the Can edit routing and gateways? field is set to Yes, the user will be able to set up the default router and static routes as normal. If No is chosen, the Routing and Gateways page will not be accessible at all, or if View only is chosen the current settings will be visible but not changeable.

Similarly, the Can edit DNS client settings? and Can edit host addresses? fields can be set to Yes, View only and No to control access to the DNS Client and Host Addresses pages respectively.

When you are done making selections, click the Save button to have the new restrictions immediately activated.

Be very careful giving an untrusted user the rights to edit any network configuration in this module, as he may be able to figure out a way to gain root access or disrupt other users by changing routes, host addresses, or interface settings.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.