Multi Server Setup - only Admin user?

R

Royal Flash

Verified User
Joined
Aug 19, 2012
Messages
25
Hello

Only a user with a level of "Admin" can send a data file to DNS?

If this is so, it is not very safe, as the administrator password server B is stored in plain text in the server A and server A burglary entails breaking into the server B. ..

I have 2 servers with two licenses DA. Want with Multi Server Setup to send the changes to the DNS server A to server B. This action is obtained only if specified in List of External Servers Server A user with Admin level server B. Attempts to change the DNS server with user B "Reseller" or "User" - getting the error in the log file:
2012:08:19-19:42:05: Cluster ...: Error checking for remote dns zone (xxx.xx): (null)
2012:08:19-19:42:06: Cluster: Error writing remote dns zone: (null)
Although the "Test connection" writes OK.
 
Hello,

There are a few tools you can use:

1) Use the Login Keys to create a new password for "admin", to restrict that password to only be valid for certain commands, and only from a certain IP address:
http://www.directadmin.com/features.php?id=1298
http://www.directadmin.com/features.php?id=1307

Basically:
User Level -> Login Keys

2) Else, you could use the all_pre.sh to only allow "admin2" to run certain commands (same idea as the login keys, just done manually)
http://help.directadmin.com/item.php?id=150

3) Regarding the mentioned errors, I checked the code and it may be logging when it shouldn't be. You can likely ignore it if it's working correctly.

John
 
Thanks.

I took the opportunity to number 2. Checked - works: let admin2 administrator in the control panel but does not perform any action.

Possibility 1: tell me how to bind the "Login Key" to a user? What are the keys to allow, if the administrator need only to update the file DNS? This option seems preferable (extra protection on IP).

On the third issue - the error occurs only when I tried to use user-level "user" or "reseller".

P.S. Random questions: "one three five seven" - did not understand what should be the response? "9" and "nine" does not fit ...
 
Hello,

To create a Login Key for a specific User, you must login as that User, and Login Keys must be enabled for that User.
You can then go to the Login Keys page to create a key.

The commands required are the following (same as id=150)
Code: 
CMD_API_DNS_ADMIN
CMD_API_LOGIN_TEST
CMD_API_USER_EXISTS

Depending on which errors you're referring to, if you're trying to "browse" with an account that has limits on it (either keys or the all_pre.sh), you'd need to allow any commands that you want to browse to.
However, with the Login Key system, you can enable the checkbox for "Allow HTM" to allow browsing (HTM files can't execute anything)

Random Question Hint: prime numbers.

John
 
You must log in or register to reply here.
Back
Top