Ability to limit the POST functions that an account can run.
If you want to create an account with limited functionality, the /usr/local/directadmin/scripts/custom/all_pre.sh script can be created for that task. A common reason is for API related command from a remote server. In this example, we'll show how to limit the command the "admin2" account can run, to only be allowed the basic dns api related functions for the multi server dns:
if [ "$username" = "admin2" ]; then
if [ "$command" = "/CMD_API_DNS_ADMIN" ]; then
if [ "$command" = "/CMD_API_LOGIN_TEST" ]; then
if [ "$command" = "/CMD_API_USER_EXISTS" ]; then
Save that to your all_pre.sh script. The same idea can be applies to any command that an account can run. Note that this only applies to POST functions. All "GET" functions are not hindered by this script.
Remember to chmod the all_pre.sh to 755.
It would likely be a good idea to also enable the all_pre.sh on HTM files
as well, so they can't even login, let alone do anything.
Related document: directadmin.com/features.php?id=672
As of DA 1.38.0, a the commands.allow and commands.deny feature can replace this:http://www.directadmin.com/features.php?id=1171
but does not have as much flexibility as the all_pre.sh, if you need to check variables.
As of DA 1.40.2, there is a new Login Key system
which allows separate passwords to be added to an account. These new keys (password) can be restricted based on IP, uses, expiry, and commands allowed.