add mod_userdir exception via API - howto?

[pcsousa]

Hello.

I want I have mod_userdir protection enabled by default (in WHM).
But I need specific cpaccounts to have mod_userdir protection disabled (exception) when added by Cpanel/WHM XML API.

How can I do this (disable protection for specific account)?

Thank you.

 

[pcsousa]

Any idea, pls?

 

[cPanelDavidN]

Hi pcsousa,

A couple things have to occur for the outcome you desire.
1) The Apache/mod_userdir directive must be altered. Essentially, you'll be adding/updating a directive like "UserDir disabled $user1 $user" (mod_userdir documentation)
2) There needs to be a signal and receiver process so that the remote call (create account) knows how to trigger the directive change
3) Might need a cleanup routine for when you remove users, depending on where the directive statement lives.

Now, I'm not an Apache guru, so I'll let someone get more explicit about setting directives per user, altering EasyApache profiles, etc. As far as the XML-API remote call is concerned, normally the 'signal' for a different type of user account would be a "plan". For our purposes, the actual contents of the plan don't have to differ. We're really just using the plan's name to denote 'treat the account creation differently'. Which brings us to the second part, the 'receiver'. You can use a script hook, wwwpostacct, that will look at the "plan" value; if "plan" value is "silver" then we need to call some custom script that handles the Apache stuff for use. Otherwise if the "plan" is "gold" we leave leave the Apache stuff alone (in which case the UserDir directives are probably enabled for users by default).

Keep in mind, this will work for both remote calls as well as account creation in the UI.

The cleanup would work the same way: a script hook, but this time you want to make one for prekillacct. It might not be needed if the directive changes occur in some include/site include that is unique to the user; in that case cPanel will be deleting that file. Otherwise, if the directive changes is in the httpd.conf file...you have to manage it yourself.

Currently, there isn't a a script hook for when a plan is changes. For now, you'd have to do your own checking, may through a cron task.

Hope this gets you started in the right direction.
Regards,
-DavidN

 

[cPanelTristan]

There are two locations that set the UserDir element in the user's VirtualHost configuration from what I can see.

First, the WHM file that contains the settings for display when you go to WHM > Security Center > Apache mod_userdir Tweak area is this file:

/var/cpanel/moddirdomains

Next, the /var/cpanel/userdata/username/domain.com file will have this line in it (where username is the cPanel username and domain.com is the domain name):

userdirprotect: -1

or

userdirprotect: ''

The -1 entry indicates the domain does not have mod_userdir protection and is an exception. The '' entry indicates the domain does have mod_userdir protection and is not excluded.

If you decide to set mod_userdir protection on the machine and then want to enable some domains to have it during creation, you could likely set up a script after creation as suggested by David to modify this element in both the userdata file for the domain and the /var/cpanel/moddirdomains file.

Upon changing any element in /var/cpanel/userdata location, you would want to issue a rebuild and a restart of Apache using "/scripts/rebuildhttpdconf" and "/scripts/restartsrv_httpd" as well. I would highly suggest always making a backup copy of /usr/local/apache/conf/httpd.conf prior to rebuilding the configuration.

 

[pcsousa]

Thank you both, DavidN and cPanelTristan
I'll check forward to test.

Regards.