API call CMD_DOMAIN change chgrp for user homedir

[cichy]

Hi,
for internal security we set custom permissions for homedir:

:/home $ ls -las damiantest
total 56
4 drwxrwx---+   9 root       damiantest 4096 Aug 18 15:06 .
4 drwx--x--x  106 root       root       4096 Aug 18 13:28 ..
4 -rw-r--r--    1 damiantest damiantest  220 Aug  4  2021 .bash_logout
4 -rw-r--r--    1 damiantest damiantest   44 Aug 15 22:37 .bash_profile
4 -rw-r--r--    1 damiantest damiantest 3526 Aug  4  2021 .bashrc
4 drwx--x--x    4 damiantest damiantest 4096 Aug 15 23:22 domains
4 drwxrwx---    4 damiantest mail       4096 Aug 15 23:22 imap
4 drwxrwx---    9 damiantest mail       4096 Aug 18 14:13 Maildir
4 drwxrwx---    2 damiantest apache     4096 Aug 15 22:35 .php
4 -rw-r--r--    1 damiantest damiantest  807 Aug  4  2021 .profile

:/home $ getfacl damiantest
# file: damiantest
# owner: root
# group: damiantest <--- BEFORE
user::rwx
user:daemon:r-x
user:mail:r-x
user:apache:r-x
user:ftp:r-x
user:majordomo:r-x
group::rwx
group:mail:r-x
mask::rwx
other::---

Everything work fine but when execute on DirectAdmin panel:

the API call:

curl 'https://example.com:2222/CMD_DOMAIN?json=yes' \
...
  --data-raw '{"domain":"domain1.com","val":"directory","force_ssl":"yes","json":"yes","action":"private_html"}' \
  --compressed

Change permission to:

:/home $ ls -las damiantest
total 56
4 drwx--x---+   9 root       access     4096 Aug 18 15:06 .
4 drwx--x--x  106 root       root       4096 Aug 18 13:28 ..
4 -rw-r--r--    1 damiantest damiantest  220 Aug  4  2021 .bash_logout
4 -rw-r--r--    1 damiantest damiantest   44 Aug 15 22:37 .bash_profile
4 -rw-r--r--    1 damiantest damiantest 3526 Aug  4  2021 .bashrc
4 drwx--x--x    4 damiantest damiantest 4096 Aug 15 23:22 domains
4 drwxrwx---    4 damiantest mail       4096 Aug 15 23:22 imap
4 drwxrwx---    9 damiantest mail       4096 Aug 18 14:13 Maildir
4 drwxrwx---    2 damiantest apache     4096 Aug 15 22:35 .php
4 -rw-r--r--    1 damiantest damiantest  807 Aug  4  2021 .profile

:/home $ getfacl damiantest
# file: damiantest
# owner: root
# group: access <--- AFTER
user::rwx
user:daemon:r-x                 #effective:--x
user:mail:r-x                   #effective:--x
user:apache:r-x                 #effective:--x
user:ftp:r-x                    #effective:--x
user:majordomo:r-x              #effective:--x
group::rwx                      #effective:--x
group:mail:r-x                  #effective:--x
mask::--x
other::---

How to customize the call for our permisions?
Maybe is possible to add action after the Api call executed?

Can you help @smtalk ?

 

[cichy]

https://docs.directadmin.com/developer/hooks/domain_management.html#domain-modify-pre-post-sh not work for the action..

 

[cichy]

I finded https://docs.directadmin.com/developer/hooks/miscellaneous.html#all-pre-post-sh ... but maybe DA have better solution for my problem.