43.17. Module Access Control

As Chapter 52 explains, once a Webmin user has been granted access to a module he can be further restricted to only a subset of its functions. For the Samba module, you can allow a user to edit only certain types of settings in certain shares while denying him the ability to create new shares or edit global options. This can be useful if you want to let someone edit the settings that apply to the sharing of only his own directory, while protecting the rest of the Samba server's configuration.

I would advise against granting even limited access to this module to untrusted users, however, as it has many features that could be used by a malicious user to gain root access to your system. For example, someone could allow guest access to a share with root permissions, allowing the remote modification of any file. Or they could set the command that is run as root at client connection time to something that changes the root password.

Instead, these access control features should only be used to limit the changes that an inexperienced—but still trusted—user can make. To restrict such a user to only editing a few shares, follow these steps:

1. In the Webmin Users module, create a user with access to the module, or modify an existing user to give him access.

2. Click on Samba Windows File Sharing next to the name of the user to bring up the module access control form.

3. Change the Can edit module configuration? field to No.

4. Set all the fields from Can apply changes? down to Can maintain auto UNIX to SAMBA users sync? to No as well, as they control access to global settings that the user should not touch.

5. To hide shares that he cannot access from the user, change the Hide inaccessible objects? field to Yes. Leaving it set to No lets him see other shares. If he tries to click on any of them, however, an error message will appear.

6. In the Access file shares field, deselect create but leave read and write selected. Do the same for the Access print shares field. This does not mean that he can edit all shares. Later fields control exactly which ones he can configure.

7. Change the Enable per-file_share acls? and Enable per-print-share acls? fields to Yes, so that the options set in the next step are used.

8. In the Per-share ACLs table, select n/a under Access share and Connections for all the shares that he should not be allowed to configure. You should definitely do this for the global share as well, as it sets the defaults for all others.

   For the shares that you do want the user to manage, select read write in the Access share column. To allow the user to kill clients connected to this share, select kill in the Connections column. Or, to let him only see connected clients, choose view instead. The former option is not a good idea in terms of security, however, as it allows the user to terminate any process on your system.

   The radio buttons in the security, permissions, file naming, and miscellaneous or printer columns control the sub-icons on the share editing form to which the user has access. For each sub-icon, you can choose either edit to allow editing, view to only let him look at the settings, or n/a to deny access altogether.

9. Hit the Save button at the bottom of the page to activate the new access control settings.
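Once editing has been delegated, the two dangers named earlier (guest access to a share with root permissions, and a command run as root at connection time) can be checked for in smb.conf itself. The following is an added example, not code from the book or from Webmin: it assumes those dangers appear as `guest ok` or `public` combined with `force user = root`, and as `root preexec` or `root postexec`, and it applies `[global]` values as defaults for every share. The sample configuration is constructed.

```python
import re

# smb.conf parameter names with whitespace removed, as Samba compares them
ROOT_COMMANDS = {"rootpreexec": "root preexec", "rootpostexec": "root postexec"}
TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample configuration, not taken from a real server
SAMPLE = """\
[global]
   guest ok = no
[public]
   Guest OK = Yes
   force user = root
[projects]
   root preexec = /usr/local/bin/prep.sh %u
[home-alice]
   path = /home/alice
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised section and parameter names."""
    shares, current = {}, None
    text = re.sub(r"\\\n", "", text)          # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return shares

def audit(text):
    """Return sorted (share, finding) pairs for the two risky patterns."""
    shares = parse_smb_conf(text)
    defaults = shares.pop("global", {})       # [global] sets defaults for every share
    findings = []
    for name, params in shares.items():
        eff = {**defaults, **params}          # share settings override the defaults
        guest = (eff.get("guestok") or eff.get("public", "no")).lower() in TRUE_VALUES
        if guest and eff.get("forceuser", "").lower() == "root":
            findings.append((name, "guest access with force user = root"))
        for key, label in ROOT_COMMANDS.items():
            if eff.get(key):
                findings.append((name, f"{label} = {eff[key]}"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"[{s}] {f}" for s, f in audit(SAMPLE)))
```

Running it against the real configuration file after a delegated user has made changes shows whether any share he manages has picked up one of these settings; other routes to root, such as `admin users`, are not covered by this check.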
