Archive for the tag 'users'

Module access control for users in Webmin

Once a user has been given access to the module, you can limit him to just mounting or unmounting selected filesystems by following these steps:

In the Webmin Users module, click on Disk and Network Filesystems next to the user’s name to bring up the access control form.

Change the Can edit module configuration? field to No to stop him from configuring the module to use a different fstab file or mount commands.

In the Filesystems that can be edited field, select Under listed directories and enter a list of mount points into the adjacent text box.

For example, you might enter /mnt/floppy /mnt/cdrom. It is also possible to enter a directory like /mnt to allow access to all filesystems under it.

Change the Can add new filesystems? field to No.

Change the Only allow mounting and unmounting? field to Yes, so that the user cannot actually edit filesystem details.

Hit the Save button to activate the new restrictions.

For more, please visit http://doxfer.com/Webmin/DiskAndNetworkFilesystems

How to limit server resource allocation to system users

The file /etc/security/limits.conf contains the various limits that can be set for users or groups. In this case, we set the max locked-in-memory address space, memlock (KB). For example, if user bob needed to have a hard limit of 512 MB of RAM, then add the following line:

#<domain>    <type>     <item>      <value>
bob          hard       memlock     524288

Where domain can be

1. a user name
2. a group name, with @group syntax
3. the wildcard *, for the default entry
4. the wildcard %, which can also be used with %group syntax, for the maxlogin limit

The “type” can have the following two values

1. “soft” for enforcing the soft limits
2. “hard” for enforcing hard limits

The “item” can be one of the following values

1. core - limits the core file size (KB)
2. data - max data size (KB)
3. fsize - maximum filesize (KB)
4. memlock - max locked-in-memory address space (KB)
5. nofile - max number of open files
6. rss - max resident set size (KB)
7. stack - max stack size (KB)
8. cpu - max CPU time (MIN)
9. nproc - max number of processes
10. as - address space limit
11. maxlogins - max number of logins for this user
12. priority - the priority to run user process with
13. locks - max number of file locks the user can hold

Restrict users to their home directory in VSFTP

Sometimes you may want to restrict users to their home directory while doing FTP. You can achieve this in VSFTP with the following steps.

1. Open the VSFTPD configuration file “/etc/vsftpd.conf”. Uncomment the following lines.

chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list

2. Create the file “/etc/vsftpd.chroot_list” and place the user names (one per line) that you want to restrict in that file.

3. Restart VSFTPD for the changes to take effect.

/etc/init.d/vsftpd restart

After this, users listed in the file “/etc/vsftpd.chroot_list” will be locked into their home directory.
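Who ends up jailed depends on how vsftpd combines chroot_local_user, chroot_list_enable and chroot_list_file: the list file is only read when chroot_list_enable=YES, and with chroot_local_user=YES it then names the users who are NOT chrooted. The following is an added example, not part of the original post, that works this out for three configurations; the function names, the sample settings and the users alice and bob are constructed for illustration.

```python
# Added example: which local users vsftpd chroots, per vsftpd.conf(5).
# The config snippets, list contents and user names are constructed samples.

def parse_vsftpd_conf(text):
    """Return {option: value}; '#' starts a comment, no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key):
    # Both chroot booleans default to NO when absent from the file.
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def chrooted_users(conf_text, list_text, local_users):
    """Map each local user to True (jailed in the home directory) or False.

    list_text is the content of the file named by chroot_list_file.
    """
    opts = parse_vsftpd_conf(conf_text)
    jail_all = is_yes(opts, "chroot_local_user")
    listed = set()
    if is_yes(opts, "chroot_list_enable"):  # the list is ignored otherwise
        listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    # chroot_local_user=YES inverts the list: listed users are the exceptions.
    return {u: (u not in listed) if jail_all else (u in listed)
            for u in local_users}

AS_POSTED = "chroot_local_user=YES\nchroot_list_file=/etc/vsftpd.chroot_list\n"
LIST_ENABLED = AS_POSTED + "chroot_list_enable=YES\n"
ONLY_LISTED = ("chroot_local_user=NO\nchroot_list_enable=YES\n"
               "chroot_list_file=/etc/vsftpd.chroot_list\n")
CHROOT_LIST = "alice\n"
USERS = ["alice", "bob"]

if __name__ == "__main__":
    for name, conf in [("as posted", AS_POSTED), ("list enabled", LIST_ENABLED),
                       ("only listed", ONLY_LISTED)]:
        print(name, chrooted_users(conf, CHROOT_LIST, USERS))
```

To jail only the users named in the list file, the third configuration (chroot_local_user=NO with chroot_list_enable=YES) is the one that does it.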
