Ability to limit the POST functions that an account can run.


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » DirectAdmin

Ability to limit the POST functions that an account can run.Last Modified: Feb 6, 2012, 4:41 pm
If you want to create an account with limited functionality, the /usr/local/directadmin/scripts/custom/all_pre.sh script can be created for that task.  A common reason is for API related command from a remote server.  In this example, we'll show how to limit the command the "admin2" account can run, to only be allowed the basic dns api related functions for the multi server dns:

#!/bin/sh
if [ "$username" = "admin2" ]; then
   if [ "$command" = "/CMD_API_DNS_ADMIN" ]; then
       exit 0;
   fi
   if [ "$command" = "/CMD_API_LOGIN_TEST" ]; then
       exit 0;
   fi
   if [ "$command" = "/CMD_API_USER_EXISTS" ]; then
       exit 0;
   fi
   exit 1;
fi
exit 0;

Save that to your all_pre.sh script.  The same idea can be applies to any command that an account can run.  Note that this only applies to POST functions.  All "GET" functions are not hindered by this script.

Remember to chmod the all_pre.sh to 755.

It would likely be a good idea to also enable the all_pre.sh on HTM files as well, so they can't even login, let alone do anything.

Related document: directadmin.com/features.php?id=672

As of DA 1.38.0, a the commands.allow and commands.deny feature can replace this:http://www.directadmin.com/features.php?id=1171 but does not have as much flexibility as the all_pre.sh, if you need to check variables.


As of DA 1.40.2, there is a new Login Key system which allows separate passwords to be added to an account.  These new keys (password) can be restricted based on IP, uses, expiry, and commands allowed.
 
Related Helpfiles
Using the all_pre.sh script to do custom filtering on any function.
How to setup a limit so that Users/Resellers cannot create more than 200 domains on a server.
Creating a Login Key to use with your API, script, or temporary login, to keep your password safe

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST