Knowledgebase
Ability to limit the POST functions that an account can run.
If you want to create an account with limited functionality, the /usr/local/directadmin/scripts/custom/all_pre.sh script can be created for that task. A common reason is for API related command from a remote server. In this example, we'll show how to limit the command the "admin2" account can run, to only be allowed the basic dns api related functions for the multi server dns:
Remember to chmod the all_pre.sh to 755.
It would likely be a good idea to also enable the all_pre.sh on HTM files as well, so they can't even login, let alone do anything.
Related document: directadmin.com/features.php?id=672
As of DA 1.38.0, a the commands.allow and commands.deny feature can replace this:http://www.directadmin.com/features.php?id=1171 but does not have as much flexibility as the all_pre.sh, if you need to check variables.
As of DA 1.40.2, there is a new Login Key system which allows separate passwords to be added to an account. These new keys (password) can be restricted based on IP, uses, expiry, and commands allowed.
#!/bin/sh
if [ "$username" = "admin2" ]; then
if [ "$command" = "/CMD_API_DNS_ADMIN" ]; then
exit 0;
fi
if [ "$command" = "/CMD_API_LOGIN_TEST" ]; then
exit 0;
fi
if [ "$command" = "/CMD_API_USER_EXISTS" ]; then
exit 0;
fi
exit 1;
fi
exit 0;
Remember to chmod the all_pre.sh to 755.
It would likely be a good idea to also enable the all_pre.sh on HTM files as well, so they can't even login, let alone do anything.
Related document: directadmin.com/features.php?id=672
As of DA 1.38.0, a the commands.allow and commands.deny feature can replace this:http://www.directadmin.com/features.php?id=1171 but does not have as much flexibility as the all_pre.sh, if you need to check variables.
As of DA 1.40.2, there is a new Login Key system which allows separate passwords to be added to an account. These new keys (password) can be restricted based on IP, uses, expiry, and commands allowed.