26.12. Module Access Control

Like other modules, the file manager can be configured in the Webmin Users module (covered in Chapter 52) to restrict the access that a user has to it. Specifically, you can limit a Webmin user to particular directories and allow him to access files with the rights of a non-root UNIX user. The directory limitation feature is particularly powerful, as a user can be given root access within that directory but prevented from seeing or touching any files outside of it.

Once you have created a Webmin user with access to the module, the steps for restricting his access to it are as follows:

1. In the Webmin Users module, click on File Manager next to the name of the user or group for which you want to edit access control restrictions.

2. To change the UNIX user that files are accessed as, enter a new name into the Access files on server as field. Alternatively, you can select the Same as Webmin login option, in which case the Webmin user will have the same privileges as the UNIX user with the same name.

Anyone who uses the module with non-root privileges will not be able to use its file sharing features, as this would open up a large security hole. Webmin users who do not have access to the Samba or NFS modules will also not be able to configure file sharing.

3. The Umask for new files field controls the permissions that are set on newly created files and directories. It contains an octal number which is the binary inverse of the number used in the chmod command to set permissions. For example, a umask of 022 would give new files 755 permissions, while a umask of 077 would give them permissions of 700.

4. To prevent the user from creating or editing symbolic links and to force all links to appear as the file that they are linked to, change the Always follow symlink? field to Yes. This should be done when restricting a user to a directory so he cannot create links to files outside of the directory and then edit or view them in the file manager.

5. To stop the Webmin user from editing or changing any files, set the Read-only mode? field to Yes.

6. To restrict him to only certain directories, enter them into the Only allow access to directories text box. By default, this field contains the root directory, which you must remove if the restrictions are to make any sense. When the user opens the file manager, it will appear as though directories other than those that have been allowed do not exist. The full path to each directory, however, will still be visible.

To automatically include the home directory of the UNIX user with the same name, check the Include home directory of Webmin user option. To have the file manager navigate to the first accessible directory automatically, leave the Open first allowed directory? option checked.

7. Finally, click the Save button to have the new restrictions activated.
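The reason step 4 matters when step 6 is in use, shown as an added example that is not Webmin's own code: a directory restriction that only compares path strings accepts a link stored inside the allowed directory even though its target is outside, while a check on the resolved path rejects it. The function names and the temporary directory layout are assumptions made for the illustration.

```python
# Added illustration; not Webmin's code. Function names are hypothetical.
import os
import tempfile


def naive_allowed(path, allowed_dirs):
    """String comparison only: normalises '..' but never looks at symlinks."""
    norm = os.path.normpath(path)
    return any(norm == d or norm.startswith(d.rstrip("/") + "/")
               for d in allowed_dirs)


def resolved_allowed(path, allowed_dirs):
    """Resolve every symlink first, then test containment on the real path."""
    real = os.path.realpath(path)
    for d in allowed_dirs:
        base = os.path.realpath(d)
        if os.path.commonpath([real, base]) == base:
            return True
    return False


def demo():
    """Build a constructed directory tree and run both checks over it."""
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "allowed")
        outside = os.path.join(tmp, "outside")
        os.mkdir(allowed)
        os.mkdir(outside)
        secret = os.path.join(outside, "secret.txt")
        notes = os.path.join(allowed, "notes.txt")
        for name in (secret, notes):
            with open(name, "w") as fh:
                fh.write("constructed sample\n")
        link = os.path.join(allowed, "link.txt")
        os.symlink(secret, link)  # link lives inside, target lives outside
        cases = {
            "regular file inside": notes,
            "dot-dot traversal": os.path.join(allowed, "..", "outside", "secret.txt"),
            "symlink to outside": link,
        }
        return {label: (naive_allowed(p, [allowed]), resolved_allowed(p, [allowed]))
                for label, p in cases.items()}


if __name__ == "__main__":
    for label, (naive, resolved) in demo().items():
        print(f"{label:22} naive={naive!s:5} resolved={resolved}")
```

The resolved check reflects the filesystem at the moment it runs, so it has to be repeated at each access rather than cached.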

If you want to give a large number of users access to the file manager, it may be better to install Usermin (covered in Chapter 47) instead. It includes an identical file manager that always runs as the UNIX user logged into Usermin, and can be restricted to the user's home directory.
