Different password for FTP, DA, Mail

B

barut

Verified User
Joined
Sep 29, 2008
Messages
18
When a create user, DA give identical passwords for all services - FTP, SSH, MAIL, DA.
I want different passwords for services, because if i know FTP password, i know all other.
How can i do this???

P.S. Sorry, my english is poor.
 
The user can separately change their password for these:

DirectAdmin Account
Main FTP Account
Main Database Account
 
our users are lazy :)
they don't want change passwords.

If DA can give different passwords when he create new user, please, tell me.
 
It cannot do it as it is. You can create a script to do it after the user is created.
 
The initial question is six years old, but I still find it very relevant. The general advice I read on this forum, is to not have the same password for a user's DirectAdmin login, main email account and main FTP account. Yet, DirectAdmin will do just that when a new user is created.

Does anyone have a script lying around that creates seperate passwords for DA, email and FTP at user creation?
 
Hi,

i just wrote to DA Staff with a link on this thread, should be a Feature Request, so maybe John would implement that if that's not too complicated.

Best regards
 
SeLLeRoNe said:
Hi,
i just wrote to DA Staff with a link on this thread, should be a Feature Request
Best regards
Click to expand...

Thanks Andrea.

Is there a list of all pending feature requests published somewhere? I have a few others I'd like to run by the DirectAdmin team (not that I think they have too much time on their hands, but still...)
 
John as replied me, here it is:

Hmmm... possible, yes.

Note that MySQL doesn't matter, as DA doesn't touch MySQL during User creation, so no MySQL account can be changed anyway (no DB is created)
However, DB creation afterwards does add the User account.. and needs to match the User pass as the session password is used for various scenarios, eg: DA uses it for downloads/restores with restricted permissions (restores as da_admin is not secure, so DA doesn't do it)

For Mail, it must match the DA password, because dovecot uses the system account in /etc/shadow, so if it was different, that would also affect the DA login.
Same for ssh, as that checks /etc/passwd.

The only real viable different password would be ftp...
There was a recent request to actually have the ability to delete the system account, which I was considering adding... (if it's manually delete from /etc/proftpd.passwd, DA does hide it in the ftp page)
It might be simplest to give a directadmin.conf option not to create any system ftp account, and they can create one if they want, with some other password.
Although, there isn't much stopping the User from using the same password again when adding it.. unless DA actually forces a different value, which would probably also annoy clients...
Click to expand...

Regards
 
Thanks for posting the reply here, Andrea.

Note that MySQL doesn't matter, as DA doesn't touch MySQL during User creation
Click to expand...

Yes, I left out MySQL, because I realized that there is no database at user creation. But apparantly there is a main DB account whenever a new database is created later.

Then, for the other arguments that John mentions, I don't quite follow. If the GUI allows you to change the passwords for DA, FTP and main DB account individually, and still manage to keep everything working, then why isn't this possible at creation-time?

Screen Shot 2015-07-06 at 15.14.05.png

As for email, wouldn't it be better to not create that main username+domain account, but to have an mandatory new email account here:

new_user.png

Perhaps I'm oversimplifying things, but I think DA could do with some more emphasis on security.
 
Last edited:
Regardin MySQL, as John sayd, is used on backup/restore, thats why it should match, but i see your point on password change possibility.

For E-Mail, the main one is created for the system account (so, the DA user is a System User on linux, and it does have its own "mail") and since is the System User, and DA login use the System user, they have to match...

Regards
 
SeLLeRoNe said:
(so, the DA user is a System User on linux, and it does have its own "mail") and since is the System User, and DA login use the System user, they have to match...
Click to expand...

Okay, I now see how heavily these are intertwined. Not as easy to pull them apart as I hoped.
 
You must log in or register to reply here.
Back
Top