Custom Package Items, Hooks, and commands.deny/commands.allow


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » DirectAdmin » Custom Scripting

Custom Package Items, Hooks, and commands.deny/commands.allowLast Modified: Nov 29, 2019, 9:26 pm
Say you want to control which CMDs are valid in a given account, and control this in a package.
This can be done using a combination of:
  1. Custom Package Items to setup the choice in the package
  2. The user_create_post.sh and user_modify_post.sh hooks to take action after the account is changed.
  3. and the commands.allow and/or commands.deny to be the final list of settings that gover what the User can do based on the selected option in the package.



Let's say we want an "E-mail Only" type package.   So we'll use the commands.allow to only list commands needed for this.
  1. Create the file

    account_allow=type=listbox&item1txt=All Features&item1val=all&item2txt=E-Mail Only&item2val=email&string=Select Featureset&desc=Ability to select core features&default=all

    This should let your packages show 2 options (you can add more if needed), just note that we're naming it "account_allow" and when "account_allow=all" is used, that's when we restrict things.
  2. We need to create a hook to control what happens when a User is set to a given "account_allow" option.  Create:

    /usr/local/directadmin/scripts/custom/user_create_post.sh

    and in it, put the following code:

    #!/bin/sh
    CA=/usr/local/directadmin/data/users/$username/commands.allow
    if [ "${account_allow}" = "email" ]; then
           cp -f /root/allows/email.list $CA
    fi
    if [ "${account_allow}" = "" ] || [ "${account_allow}" = "all" ]; then
           rm -f $CA
    fi
    exit 0;

    and chmod the script to 755.
  3. Create the

    /root/allows/email.list

    containing email-related commands:

    CMD_ADDITIONAL_DOMAINS
    CMD_AJAX_CHECK_DOMAIN
    CMD_AJAX_CHECK_PASSWORD
    CMD_AJAX_SEARCH
    CMD_BANDWIDTH_BREAKDOWN
    CMD_CHANGE_DOMAIN
    CMD_CHANGE_INFO
    CMD_DOMAIN
    CMD_EMAIL_AUTORESPONDER
    CMD_EMAIL_AUTORESPONDER_CREATE
    CMD_EMAIL_AUTORESPONDER_MODIFY
    CMD_EMAIL_CATCH_ALL
    CMD_EMAIL_FILTER
    CMD_EMAIL_FORWARDER
    CMD_EMAIL_FORWARDER_MODIFY
    CMD_EMAIL_LIST
    CMD_EMAIL_POP
    CMD_EMAIL_REG
    CMD_EMAIL_USAGE
    CMD_EMAIL_VACATION
    CMD_EMAIL_VACATION_CREATE
    CMD_EMAIL_VACATION_MODIFY
    CMD_JSON_LANG
    CMD_JSON_OPTIONS
    CMD_JSON_VALIDATE
    CMD_LICENSE_VERIFY
    CMD_LOGIN
    CMD_LOGIN_HISTORY
    CMD_LOGOUT
    CMD_PASSWD
    CMD_SECURITY_QUESTIONS
    CMD_TWOSTEP_AUTH
    CMD_SHOW_DOMAIN
    CMD_SITE_BACKUP
    CMD_SPAMASSASSIN
    CMD_TICKET
    CMD_TICKET_CREATE
    CMD_USER_HISTORY
    CMD_USER_STATS
    CMD_WEBMAIL_LOGIN
    CMD_WIDGET

    Adjust this however you need.. or your could invert it, to control commands.deny, for example if you want a 100% block of CMD_DB_* functions, just list all CMD_DB* and CMD_API_DB calls. (although, simply setting a max of 0 databases would accomplish the same)
  4. Relating to the user_create_post.sh, there is a user_modify_post.sh hook script.  Since you may want to turn a feature on/off we need this too, but since the user_create_post.sh literally does the same thing, we can simply create a symlink to it:

    cd /usr/local/directadmin/scripts/custom
    ln -s user_create_post.sh user_modify_post.sh

That's basically it.   You can now select the "E-Mail Only" option from the package, or for a given User, and it will apply this commands.allow file to them.   We'd also recommend setting all related other functions to 0 (eg: Max: 0 databases, 0 ftp accounts, etc), as applicable.

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST