Solved Disable certain options in all packages to be created

Richard G

Richard G

Verified User
Joined
Jul 6, 2008
Messages
13,776
Location
Maastricht
Oke this is what I want.
I want admin (and all resellers) not be able to use or activate certain things in packages they will create.

These things are:
1.) CGI Access
2.) Anonymous FTP
3.) Catch-all emails
4.) SSH access
5.) SSH access for users

Now I've had a look at the documentation and this documentation, but if I read that, my head starts spinning, especially since I'm not native English. Although my writing is fairly good.
Anyway, I'm a more practical person and learn better that way.

Can somebody tell me with an example, which file to create where and what to put in to it?
 
I think this is some what related to my inquiry at:

Reseller restrictions not being observed in reseller package creation

If the admin user creates a Reseller and gives that Reseller, say 0 Mailing Lists. The Reseller is still able to create packages in their panel with a Mailing List number. Is this the expected behavior? Additionally, resellers with a non-unlimited disk space and bandwidth limits are allowed...
forum.directadmin.com forum.directadmin.com

It looks like this information is being parsed from a /CMD_SHOW_USER_PACKAGE API call. But I don't know how to tell /CMD_SHOW_USER_PACKAGE to pick up different default values and changes to disabled. An option returning disabled doesn't appear to be honored.
 
About Reseller,
If you disable some option in reseller package, they can't create any users with option that your disabled. ( It will not showing the options in User Package, or User Modifier ).

And for admin, before creating users, it need Reseller Package too.

So you need hook script "package_write_pre", this hook will cover "Reseller Package" and "User Package"

Package hooks | Directadmin Docs

DirectAdmin Knowledge Base
docs.directadmin.com

#package_write_pre.sh
Code: 
#!/bin/bash
if [ "${ssh}" == "ON" ]; then
  echo "SSH option can't be ON";
  exit 1;
fi

if [ "${cgi}" == "ON" ]; then
  echo "CGI option can't be ON";
  exit 1;
fi

if [ "${aftp}" == "ON" ]; then
  echo "Anonymous FTP option can't be ON";
  exit 1;
fi

if [ "${catchall}" == "ON" ]; then
  echo "catchall Email option can't be ON";
  exit 1;
fi

exit 0;

#note
SSH=OFF, will disable all for reseller and their users
 
Thank you very much @jamgames2! (y)
I'm no scripter zo your example is -very- helpfull to me otherwise I wouldn't have known how to do this.
Pity they did not add an example in the docs like this.

So if I read the docs correctly now in new situation it's best to put it like this:
/usr/local/directadmin/scripts/custom/package_write_pre/your_custom_name.sh
and the name I use doesn't matter?

And this will not only work for resellers but also for admins?

jamgames2 said:
SSH=OFF, will disable all for reseller and their users
Click to expand...
But admin still has acces then right?
 
Last edited:
Imagine,
Admin -> Create Reseller Package -> Create Reseller -> Create User Package -> Create User
Admin -> Create User Package -> Create User

so even Admin, they need to create reseller package. so it should work if you just want to disable for all their customer ( User, Reseller ).
Reseller Package will running hook "package_write_pre" too same as User Package.
 
Thank you.

But Admin also has reseller level and can create a user package directly too. So that's why I was wondering.

Is there also an option to change a template (or something) so these things are de-selected by default when the button "create package" is selected?
 
I don't know where "create package" button you talk about. But if it meant "Add Package" in the picture, it will deselect by default after redirect to the page.
1682600329249.png


if you meant "save" button in Package Creation page.
so far, I just use for read variable, I don't know if it could or not to set GET/POST value like
Code: 
#!/bin/bash
export ssh=OFF
export cgi=OFF
export aftp=OFF
export catchall=OFF
 
jamgames2 said:
But if it meant "Add Package" in the picture
Click to expand...
Yes sorry, I meant the "add package" option. Would be nice if things would already be deselected there on forehand.

At this moment it does not deselect anything from the script in the package when only pushing the "add package".

But when clicking the "save" button (in the add package part), it will show a link to the script and stating "CGI is not allowed" as mentioned in the script.
So that part is working fine.
 
jamgames2 said:
About Reseller,
If you disable some option in reseller package, they can't create any users with option that your disabled. ( It will not showing the options in User Package, or User Modifier ).
Click to expand...

I'm not finding this to be true. Although, I suppose "disable" and "option" may have different meanings here.

From the admin panel when creating a reseller, if I set that reseller to have 0 mailing lists - what I'd consider "disabling" the mailing list "option":

admin-reseller1.png


But then log into the reseller and navigate to Add Package, I see:
reseller-create-package1.png


My expectation would be that either Mailing Lists doesn't show or is grayed out or disabled. But maybe that's just my expectation.

I would further append this "request" to be able to define "default" values for these items. Most of these items, Domains, Email Accounts, Email Forwarders, etc. I would suspect that most resellers would just offer unlimited - but perhaps this should be a decision that the admin makes on a per reseller basis.

Now... it is true that if that admin "disables" "options" near the bottom of the reseller package page - the ones with checkboxes:
reseller-create-package2.png


Those options not checked will not be visible on the Reseller's Add Package page. But I'd argue why the same governance is not given for the options above these "check box only" options.
 
Yes sorry, I meant the "add package" option. Would be nice if things would already be deselected there on forehand.
Click to expand...
Oh, I see it. In my server
on "Admin" account, only "Manage Reseller Packages" page have always selected. But "Manage User Packages" page doesn't selected by default.

So this meant, document have wrong. Because it mention on their about Reseller Package.
1682604182754.png
 
jamgames2 said:
#package_write_pre.sh
Click to expand...

The script can be expanded to check what a reseller has in their own /usr/local/directadmin/data/users/<RESELLER>/reseller.conf

I don't have a complete and working example yet, just a raw idea:

Bash: 
#!/bin/bash
is_allowed_ssh=$(grep ^userssh= /usr/local/directadmin/data/users/${RESELLER}/reseller.conf | cut -d= -f2)

if [ "${is_allowed_ssh}" == "OFF" ] && [ "${ssh}" == "ON" ]; then
    echo "SSH option can't be ON";
    exit 1;
fi;

Please note, the variable ${RESELLER} is just an example. In the script you will probably need to use either ${user} or ${username}.

p.s. A question might arise if a reseller got a "fine" from an admin and lost permissions to use SSH. Their users will need to be updated too...

p.p.s. A reseller has two options:

  • ssh=ON|OFF
  • userssh=ON|OFF
I guess userssh defines whether a reseller is allowed to give their users a SSH access.
 
zEitEr said:
Please note, the variable ${RESELLER} is just an example. In the script you will probably need to use either ${user} or ${username}.
Click to expand...
Thank you.
But it seems the example from @jamgames2 which I'm using now is working fine and giving the "can't be ON" notice on every user package added either by admin or by reseller. And also on adding a reseller package will give notice.

As you know I'm not a scripter. I see room for some improvement, but I don't know if that is easy to be done.

Suppose we start from my example of the 5 things mentioned which I don't want to be added.
In case I select all 5, then in the "xxx option can't be ON" only 1 option is mentioned. When this is disabled, the second invalid option is mentioned, and so on.

Is it difficult to change the script so it checks which options are on and should be off and echo's all those enabled (which shouldn't)? So admin can see at once that he (for example) has to disable 3 options instead of having to go back 3 times to disable them seperately?

If it's too much work no problem, then the admin has to work a little bit more. :)

Or is that what your example is suggesting?
 
I tested native DirectAdmin interface without custom pre scripts, and can assume the following. When userssh=OFF, a reseller is not allowed to enable SSH in user packages, at least in Evolution skin.
 

Attachments

  • userssh=off.png
    userssh=off.png
    9 KB · Views: 74
zEitEr said:
When userssh=OFF, a reseller is not allowed to enable SSH in user packages, at least in Evolution skin.
Click to expand...
That correct, as far as I know this is also working the same in Enhanced skin by default (without any scripts).

Problem was that admin regularly does not pay attention and clicks and then by accident enables SSH or SSH (or catch all email) for resellers or users. Now with the script he can't make this mistake anymore.

I also wanted admin to not have one or two of the options for himself, so I disabled those in the admin's user.conf file.
 
And even more: I disabled the following items in a reseller package:
  • Anonymous FTP Accounts
  • CGI Access
  • PHP Access
  • SpamAssassin
  • Catch-All E-mail
  • SSH Access for Users
And as a reseller I can not either see or enable this options when creating an user package. Again Evolution skin used.

Reseller package - screenshot one
User package - screenshot two

Though a reseller having subdomains=10 was allowed to create a package with subdomains=100 even when oversell=OFF. I did not go that far and did not test users ability to create subdomains.
 

Attachments

  • reseller-package-edit.png
    reseller-package-edit.png
    38.1 KB · Views: 84
  • user-package-edit.png
    user-package-edit.png
    37 KB · Views: 85
zEitEr said:
And as a reseller I can not either see or enable this options when creating an user package. Again Evolution skin used.
Click to expand...
Yes that's working by default that is correct. But my question was for admin, not for reseller. ;)

I wanted to prevent admin to make the choices by mistake when creating packages. So that's what I need the script for, not for resellers indeed.
 
zEitEr said:
Please note, the variable ${RESELLER} is just an example. In the script you will probably need to use either ${user} or ${username}.
Click to expand...
From what I am able to tell no ${user} or ${username} is passed to package_write_pre.sh

You have to "guess" at the reseller's username by the ${package_filename} variable:

THEUSER="$(echo "${package_filename}" | cut -d / -f 4)"

Still... this is a less than ideal solution if you ask me. Resellers would only learn that they don't have access to certain items AFTER they've filled out the add a package form. Not giving them the option to even fill out certain items they don't have access to would seem to be ideal and make them mostly oblivious to what they don't have access to.
 
You must log in or register to reply here.
Back
Top