On Fri, 2006-09-29 at 07:52 -0500, Ivan Arteaga wrote:
OK, I really appreciate the time and help of all you guys... got good tips! Anyway let me tell you that webmin allow to define webmin groups/users in order to give them granular access to specific modules, in this case only the "system - change password" option. So there is no way the user change what he must not (or what you allow them to do) I came here because I posted the question in samba and even webmin lists with no success, and anywhere you can find someone that can helps in linux world^^ Sorry if maybe I asked the wrong question in the wrong list or somebody wasted time reading or researching about this post.
---- I really wouldn't recommend the methodology of what you are doing for a number of reasons:
- It's possible that an upgrade to webmin could cause a change in permissions that you haven't anticipated it...it's happened in the past I believe.
- Given that the premise is that webmin has super user powers to accomplish everything, putting users on it however restricted you think it might be is just a single error away from breaking.
- Given webmin's history of security issues, it's best to consider limiting access to webmin to only a few systems.
Usermin however operates as the user and even if broken, doesn't represent nearly the same threat. I believe if you pursue this further on the webmin list, you will find that Jamie would concur that Usermin is the better methodology for this purpose.
Craig