Webmin has always had the ability to support multiple users, each limited to
a subset of the available modules. This can be useful for delegating certain
administrative tasks to other people, but has been limited by the power of
even seemingly harmless modules. For example, a user with only access to the
Scheduled Cron Jobs module would still have access to the
entire system by creating cron jobs to be run as root.
Version 0.71 gives the master admin the power to further limit what other
users can do. When the name of a module assigned to a user in the Webmin
Users module is clicked on, a list of more fine-grained privileges for
will be displayed (if available). For example, the additional access control
options for the Scheduled Cron Jobs module allow the administrator
to limit which Unix users another Webmin user can manage cron jobs for.
Not all modules yet have additional access control options, mostly because
fine-grained control is not useful. Modules with additional controls are :
- Apache Webserver
- Users can be limited to configuring certain virtual servers.
- BIND 4/8 DNS Server
- Can limit which DNS zones users can edit records in.
- Scheduled Cron Jobs
- Can configure which Unix users cron jobs can be created and edited for.
- Partitions on Local Disks
- Users can be allowed to only partition certain disks.
- File Manager
- Can configure the Unix user files are accessed as.
- Bootup and Shutdown Actions
- Can allow users to only reboot or shutdown the system.
- Majordomo List Manager
- Users can be limited to managing selected lists only.
- Running Processes
- Can configure the Unix user processes are started or killed as.
- Disk Quotas
- Can allow the configuration of quotas only for selected users or groups.
- Sendmail Configuration
- Users can be limited to certain sendmail features, aliases and domains.
- Users, Groups and Passwords
- The Webmin user can be allowed to edit only certain users and groups,
to assign users to selected groups only, and to create users with UIDs
above some minimum.