52.5. Editing Module Access Control

Many Webmin modules allow you to further restrict the actions that each user can perform using them. The actual access control options are different for each module and are documented in detail in the “Module Access Control” sections of the chapters that cover them. This section only describes the common process that you need to follow to configure what a user (or group) can do with a particular module. To control module access, follow these steps:

1. On the Webmin Users main page, find the user or group that you want to restrict. Next to that name, click on the name of the module whose restrictions you want to edit. This will bring up the access control editing form, an example of which is shown in Figure 52.3. That screenshot is from the Users and Groups module, so if you select a different module, the available options will not be the same.

Figure 52.3. The module access control form for Users and Groups.


2. To stop the user from changing the module's configuration, set the Can edit module configuration? field to No. This should always be done because in most modules the configuration settings can be changed to allow the user to gain root access or otherwise escape the access control restrictions that you have set up.

3. Change other options on the form to restrict the user in whatever way you wish. Each module covered in this book has a section in its chapter that explains exactly what the fields mean and gives examples of how to set up common types of access control.

4. Click the Save button to make your changes immediately active and return to the module's main page.

Not all modules allow you to limit what a user can do, as it would not make any sense. For example, the Software Packages module does not allow access control restrictions to be configured. Its primary purpose is the installation of new packages, and any user with the rights to install a package could build and install his own that gives him root access. In modules like these, only the Can edit module configuration? option appears on the access control form. For modules that have no options other than this, there is no “Module Access Control” section in the chapter of the book that covers them.

At the start of the list of modules, next to every user, is an entry called Global ACL. If you click on this, it will take you to an access control form that allows the editing of restrictions that apply in all modules. The fields and their meanings are:

Root directory for file chooser
There are many fields in Webmin for entering a file or directory name and next to most of them is a button that pops up a simple file chooser window. Users will not be able to use this file chooser to list directories outside whatever path you enter into this field. By default, it is set to / so the entire filesystem can be browsed.

This option only controls which directories can be browsed using the file chooser. A user can still enter ANY path into a filename field manually, unless the module has its own access control restrictions.

Users visible in user chooser
In most Webmin modules, when a username field is displayed there is a button next to it that pops up a window for selecting either single or multiple users. This option allows you to control which users appear in that pop-up window, so a particular Webmin user cannot see all of the UNIX users on your system.

This access control option does nothing to stop the user from manually entering any username that he chooses; it just limits the list that appears in the pop-up window.

Groups visible in group chooser
This option works in exactly the same way as the one above, but applies to the pop-up group selection window instead.

Can send feedback email?
When using the Webmin theme that is enabled by default, a Feedback button appears on every page in the upper-right corner. Changing this option to No will remove the button, while changing it to "Yes, but not with config files" will prevent the user from sending feedback with the "Include module configuration in email" option selected.

Because all feedback goes to the author of Webmin by default, disabling it makes sense for users other than the master administrator.

Can accept RPC calls?
Webmin has its own RPC (remote procedure call) mechanism that is used by the cluster modules, System and Server Status modules, and other modules. Any client program that makes an RPC call to a Webmin server must first log in as a normal user using a web browser client. An RPC client, however, can access all of the features of Webmin, edit arbitrary files, and execute commands as root, regardless of any access control settings. For this reason, for users without full access to Webmin, this option should be set to No.

The default is Only for root or admin, which means that an account can be used to log in for RPC only if the user is called root or admin. Because the root and admin users typically have full access to Webmin anyway, this is not a security problem. If you create a new user with one of these two names, however, and grant him only limited Webmin access, make sure this option is set to No.

For almost all Webmin users, even those that are granted only limited access to some modules, the default Global ACL options will work fine and do not need to be changed.
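To check the two settings this section singles out (Can edit module configuration? and Can accept RPC calls?) across many users at once, a script can read the saved ACL files directly. The following is an added example, not code from the book or from Webmin. The file layout (`<config dir>/<module>/<user>.acl`, and `<config dir>/<user>.acl` for the Global ACL), the `noconfig` and `rpc` keys with their values, and the `admins` parameter are assumptions to verify against your installation; the sample users and modules are constructed.

```python
import tempfile
from pathlib import Path

def read_acl(path):
    """Parse a key=value ACL file into a dict; a missing file yields {}."""
    acl = {}
    if path.is_file():
        for line in path.read_text().splitlines():
            key, sep, value = line.partition("=")
            if sep:
                acl[key.strip()] = value.strip()
    return acl

def audit(config_dir, admins):
    """Return sorted (user, scope, issue) findings for users not in admins."""
    root = Path(config_dir)
    findings = set()
    # Module ACLs: <config_dir>/<module>/<user>.acl (assumed layout).
    for path in root.glob("*/*.acl"):
        user, module = path.stem, path.parent.name
        # Assumed: noconfig=1 means "Can edit module configuration?" is No.
        if user not in admins and read_acl(path).get("noconfig", "0") != "1":
            findings.add((user, module, "can edit module configuration"))
    # Global ACL: <config_dir>/<user>.acl; absent file or key means the default.
    users = {p.stem for p in root.glob("*/*.acl")} | {p.stem for p in root.glob("*.acl")}
    for user in users - set(admins):
        # Assumed values: 0 = No, 1 = Yes, 2 = Only for root or admin.
        rpc = read_acl(root / f"{user}.acl").get("rpc", "2")
        if rpc == "1" or (rpc == "2" and user in ("root", "admin")):
            findings.add((user, "global", "can accept RPC calls"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; users and modules are made up."""
    files = {"useradmin/alice.acl": "noconfig=1\n",
             "useradmin/bob.acl": "noconfig=0\n",
             "alice.acl": "rpc=0\nroot=/home\n",
             "bob.acl": "rpc=1\n",
             "apache/admin.acl": "noconfig=1\n"}  # limited user named admin, default rpc
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit(tmp, admins={"sysop"}):
            print(*finding, sep=": ")
```

Pass in `admins` the accounts that are meant to have full Webmin access; every other account is checked against both recommendations, including the case of a limited user named root or admin who still has the default RPC setting.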
