The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

add mod_userdir exception via API - howto?

Discussion in 'cPanel Developers' started by pcsousa, Jun 2, 2011.

  1. pcsousa

    pcsousa Well-Known Member

    Joined:
    May 28, 2004
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Hello.

    I want I have mod_userdir protection enabled by default (in WHM).
    But I need specific cpaccounts to have mod_userdir protection disabled (exception) when added by Cpanel/WHM XML API.

    How can I do this (disable protection for specific account)?

    Thank you.
     
  2. pcsousa

    pcsousa Well-Known Member

    Joined:
    May 28, 2004
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Any idea, pls?
     
  3. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi pcsousa,

    A couple things have to occur for the outcome you desire.
    1) The Apache/mod_userdir directive must be altered. Essentially, you'll be adding/updating a directive like "UserDir disabled $user1 $user" (mod_userdir documentation)
    2) There needs to be a signal and receiver process so that the remote call (create account) knows how to trigger the directive change
    3) Might need a cleanup routine for when you remove users, depending on where the directive statement lives.

    Now, I'm not an Apache guru, so I'll let someone get more explicit about setting directives per user, altering EasyApache profiles, etc. As far as the XML-API remote call is concerned, normally the 'signal' for a different type of user account would be a "plan". For our purposes, the actual contents of the plan don't have to differ. We're really just using the plan's name to denote 'treat the account creation differently'. Which brings us to the second part, the 'receiver'. You can use a script hook, wwwpostacct, that will look at the "plan" value; if "plan" value is "silver" then we need to call some custom script that handles the Apache stuff for use. Otherwise if the "plan" is "gold" we leave leave the Apache stuff alone (in which case the UserDir directives are probably enabled for users by default).

    Keep in mind, this will work for both remote calls as well as account creation in the UI.

    The cleanup would work the same way: a script hook, but this time you want to make one for prekillacct. It might not be needed if the directive changes occur in some include/site include that is unique to the user; in that case cPanel will be deleting that file. Otherwise, if the directive changes is in the httpd.conf file...you have to manage it yourself.

    Currently, there isn't a a script hook for when a plan is changes. For now, you'd have to do your own checking, may through a cron task.

    Hope this gets you started in the right direction.
    Regards,
    -DavidN
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    There are two locations that set the UserDir element in the user's VirtualHost configuration from what I can see.

    First, the WHM file that contains the settings for display when you go to WHM > Security Center > Apache mod_userdir Tweak area is this file:

    /var/cpanel/moddirdomains

    Next, the /var/cpanel/userdata/username/domain.com file will have this line in it (where username is the cPanel username and domain.com is the domain name):

    Code:
    userdirprotect: -1
    or
    Code:
    userdirprotect: ''
    The -1 entry indicates the domain does not have mod_userdir protection and is an exception. The '' entry indicates the domain does have mod_userdir protection and is not excluded.

    If you decide to set mod_userdir protection on the machine and then want to enable some domains to have it during creation, you could likely set up a script after creation as suggested by David to modify this element in both the userdata file for the domain and the /var/cpanel/moddirdomains file.

    Upon changing any element in /var/cpanel/userdata location, you would want to issue a rebuild and a restart of Apache using "/scripts/rebuildhttpdconf" and "/scripts/restartsrv_httpd" as well. I would highly suggest always making a backup copy of /usr/local/apache/conf/httpd.conf prior to rebuilding the configuration.
     
  5. pcsousa

    pcsousa Well-Known Member

    Joined:
    May 28, 2004
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Thank you both, DavidN and cPanelTristan
    I'll check forward to test.

    Regards.
     
Loading...

Share This Page