37.14. Sendmail Module Access Control

The Sendmail Configuration module probably has the most powerful access control features of any module in Webmin. You can use them to limit the aliases and virtual addresses a Webmin user can edit, or restrict him to reading only the mailboxes of certain UNIX users. These features are most useful in a virtual hosting environment, where customers own email domains and the user accounts. On this kind of system, you can create one Webmin user per customer who can only manage the address mappings, aliases, and mailboxes for his own domains, while not being able to use other features of the module or touch other customers' information.

Once you have created a Webmin user who has access to the module (as explained in Chapter 52), follow these steps to restrict what he can do:

1. In the Webmin Users module, click on Sendmail Configuration next to the name of the user whom you want to restrict.

2. Change the Can edit module configuration? field to No, so that he cannot modify paths to Sendmail programs and files.

3. Set all of the Yes/No fields in the second section to No, which will prevent the user from seeing most of the module's icons.

4. Select No from the Can manage mail queue? menu, or View only if you just want the module user to be able to see the contents of the queue. Selecting Yes would be a bad idea, as it would allow him to delete queued email belonging to other domains.

5. For the Address mappings this user can edit field, select the Matching option and enter a Perl regular expression for allowable mapping sources into the text field next to it. For example, to let him create and edit mappings in the domains foo.com and example.com, you should enter (@foo\.com|@example\.com)$. The dots are escaped so that each one matches only a literal period rather than any character.

6. It is safe to select all of the checkboxes in the Address mapping types this user can edit field.

7. In the Aliases this user can edit field, select Matching and enter a regular expression that only lets him modify or create aliases starting with the customer's domain names. For example, if the user owns the domains foo.com and example.com you should enter ^(foo|example)- to limit him to aliases like foo-jcameron or example-fred. This naming convention ensures that users cannot step on each other's aliases. To limit the number of mappings that the user can create, select the second radio button in the Maximum number of address mappings field and enter a number into the box next to it. This can be useful for preventing a single customer from creating more address mappings than he has paid for.

8. In the Alias types this user can edit field, deselect the checkboxes for types of aliases that the Webmin user should not be allowed to create. Good candidates to deny access to are Write to file, Feed to program, Autoreply, and Filter file, as they use the permissions of the Sendmail daemon user and thus may be a security risk.

9. To limit the number of aliases that the customer can create, select the second radio button in the Maximum number of aliases field and enter the maximum into the box next to it.

10. To stop the Webmin user from creating aliases that run programs, append to files, or use address files outside a certain directory, enter that directory into the Limit files and program to directory field. Unfortunately, this can be subverted by the clever use of symbolic links and so is not a very strong security measure.

11. In the Outgoing addresses this user can edit field, select Matching and enter the same regular expression as in the Address mappings this user can edit field. This will limit the user to rewriting addresses for only his own domains. To prevent the editing of outgoing addresses at all, select None. In most cases, there is no need for a Sendmail administrator to edit them anyway.

12. In the Users whose mail can be read field, select one of the last five options to limit the customer to only those UNIX users who belong to him. If he has been given limited access to the Users and Groups module as well, then you should allow him to read the email of the same users that he can create and edit in that module.

13. Leave the rest of the fields on the form set to their defaults. They are only really useful if you are setting up the module as a web-based mail reading interface. Although this is possible, there are much better alternatives such as Usermin (covered in Chapter 47).

14. Click the Save button to make the restrictions for the user active.
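The Matching patterns from steps 5, 7 and 11 can be checked against sample names before they are saved. The following is an added example, not code from the book or from Webmin: it compares a mapping pattern with unescaped dots, its escaped form, and the alias prefix pattern against constructed names for a customer owning foo.com and example.com. It assumes each pattern is applied as an unanchored search, and it uses Python's re module, which handles these constructs the same way Perl does.

```python
import re

# Patterns as they would be typed into the "Matching" fields.
MAPPING_LOOSE = r"(@foo.com|@example.com)$"      # dots unescaped: "." matches any character
MAPPING_STRICT = r"(@foo\.com|@example\.com)$"   # dots escaped: literal periods only
ALIAS_PATTERN = r"^(foo|example)-"

# Constructed sample data (not taken from a real system).
OWN_MAPPINGS = ["sales@foo.com", "@foo.com", "fred@example.com"]
FOREIGN_MAPPINGS = ["sales@other.com", "bob@fooxcom", "bob@example-com",
                    "sales@foo.com.other.net"]
OWN_ALIASES = ["foo-jcameron", "example-fred"]
FOREIGN_ALIASES = ["postmaster", "root", "other-fred", "xfoo-fred", "foo"]


def audit(pattern, should_match, should_not_match):
    """Return (missed, leaked): the customer's own names that the pattern
    rejects, and foreign names that it accepts. The search is unanchored,
    so only the ^ and $ written in the pattern itself pin it down."""
    rx = re.compile(pattern)
    missed = [s for s in should_match if not rx.search(s)]
    leaked = [s for s in should_not_match if rx.search(s)]
    return missed, leaked


def report():
    """Audit all three patterns and return the results keyed by label."""
    cases = [
        ("mapping, dots unescaped", MAPPING_LOOSE, OWN_MAPPINGS, FOREIGN_MAPPINGS),
        ("mapping, dots escaped", MAPPING_STRICT, OWN_MAPPINGS, FOREIGN_MAPPINGS),
        ("alias prefix", ALIAS_PATTERN, OWN_ALIASES, FOREIGN_ALIASES),
    ]
    return {label: audit(pat, own, foreign) for label, pat, own, foreign in cases}


if __name__ == "__main__":
    for label, (missed, leaked) in report().items():
        print(f"{label}: missed={missed} leaked={leaked}")
```

An empty leaked list for a pattern means none of the foreign sample names would be editable under it; any entry there is a name the restricted user could create or modify outside his own domains.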

Even though it is possible to configure this module to limit a user to certain domains, the module's interface is not particularly friendly compared to products like Plesk or Cpanel. These are web-based virtual server management interfaces that have been designed from the ground up for that purpose, unlike Webmin which was designed to allow the management of everything on a system.
