add mod_userdir exception via API - howto?

pcsousa

Well-Known Member
May 28, 2004
63
0
156
Hello.

I want I have mod_userdir protection enabled by default (in WHM).
But I need specific cpaccounts to have mod_userdir protection disabled (exception) when added by Cpanel/WHM XML API.

How can I do this (disable protection for specific account)?

Thank you.
 

cPanelDavidN

Well-Known Member
Staff member
Dec 17, 2009
571
3
68
Houston, TX
cPanel Access Level
Root Administrator
Hi pcsousa,

A couple things have to occur for the outcome you desire.
1) The Apache/mod_userdir directive must be altered. Essentially, you'll be adding/updating a directive like "UserDir disabled $user1 $user" (mod_userdir documentation)
2) There needs to be a signal and receiver process so that the remote call (create account) knows how to trigger the directive change
3) Might need a cleanup routine for when you remove users, depending on where the directive statement lives.

Now, I'm not an Apache guru, so I'll let someone get more explicit about setting directives per user, altering EasyApache profiles, etc. As far as the XML-API remote call is concerned, normally the 'signal' for a different type of user account would be a "plan". For our purposes, the actual contents of the plan don't have to differ. We're really just using the plan's name to denote 'treat the account creation differently'. Which brings us to the second part, the 'receiver'. You can use a script hook, wwwpostacct, that will look at the "plan" value; if "plan" value is "silver" then we need to call some custom script that handles the Apache stuff for use. Otherwise if the "plan" is "gold" we leave leave the Apache stuff alone (in which case the UserDir directives are probably enabled for users by default).

Keep in mind, this will work for both remote calls as well as account creation in the UI.

The cleanup would work the same way: a script hook, but this time you want to make one for prekillacct. It might not be needed if the directive changes occur in some include/site include that is unique to the user; in that case cPanel will be deleting that file. Otherwise, if the directive changes is in the httpd.conf file...you have to manage it yourself.

Currently, there isn't a a script hook for when a plan is changes. For now, you'd have to do your own checking, may through a cron task.

Hope this gets you started in the right direction.
Regards,
-DavidN
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
There are two locations that set the UserDir element in the user's VirtualHost configuration from what I can see.

First, the WHM file that contains the settings for display when you go to WHM > Security Center > Apache mod_userdir Tweak area is this file:

/var/cpanel/moddirdomains

Next, the /var/cpanel/userdata/username/domain.com file will have this line in it (where username is the cPanel username and domain.com is the domain name):

Code:
userdirprotect: -1
or
Code:
userdirprotect: ''
The -1 entry indicates the domain does not have mod_userdir protection and is an exception. The '' entry indicates the domain does have mod_userdir protection and is not excluded.

If you decide to set mod_userdir protection on the machine and then want to enable some domains to have it during creation, you could likely set up a script after creation as suggested by David to modify this element in both the userdata file for the domain and the /var/cpanel/moddirdomains file.

Upon changing any element in /var/cpanel/userdata location, you would want to issue a rebuild and a restart of Apache using "/scripts/rebuildhttpdconf" and "/scripts/restartsrv_httpd" as well. I would highly suggest always making a backup copy of /usr/local/apache/conf/httpd.conf prior to rebuilding the configuration.
 

pcsousa

Well-Known Member
May 28, 2004
63
0
156
Thank you both, DavidN and cPanelTristan
I'll check forward to test.

Regards.