Killdns ACL List to API token

[smbutha]

Hi;

Am trying to run the killdns command from a curl script.

However am not able to get the right ACL list to assign the created token.

it only works when i provide "acl=all" while i would like to limit as below for example.

whmapi1 api_token_update token_name=examplename expires_at=0 acl-1=kill-dns acl-2=clustering acl-3=ns-config acl-4=manage-dns-records acl-5=status acl-6=park-dns acl-7=create-dns acl-8=edit-dns

 

[cPanelLauren]

After quite a bit of research into this I believe this is because of how the ACL's are categorized for the token. It looks like you can't perform this function without the ALL ACL per the killdns Perl module:

            if ( Whostmgr::ACLS::hasroot() || Whostmgr::AcctInfo::Owner::checkowner( $ENV{'REMOTE_USER'}, $owner ) ) {

 

[smbutha]

As feature to have maybe we can add the restriction as it leaves the token open to other unrestricted operations.

Am also not finding the whmapi1 counterpart to the utility script /scripts/dnscluster synczone <zone>.......could you point me in the right direction whether it exists?

Appreciated.

 

[cPanelLauren]

There really isn't one but you can use the following script:

[[email protected] statsbar]# /scripts/dnscluster --help
Usage: dnscluster [ACTION] [OPTIONS]...

Examples:
   /usr/local/cpanel/scripts/dnscluster syncall --full               # Sync all zones (even ones not in /etc/userdomains)
   /usr/local/cpanel/scripts/dnscluster synczonelocal mydomain.org   # Sync mydomain.org to the local machine

Actions:
    syncall [--full] - make sure all dns zones are
       in sync within the cluster. If any zone files
       are out out of sync, the ones with the largest
       serial numbers will be copied to all servers.

    syncalllocal [--full] - make sure all dns zones are
       in sync within the cluster. If any zone files are
       out out of sync, the ones with the largest serial
       numbers will be copied to the local server only.

    synczone <zone> - sync one zone
       If the zone is out out of sync, the one with the largest
       serial number will be copied to all servers.

    synczonelocal <zone> - sync one zone
       If the zone is out out of sync, the one with the largest
       serial number will be copied to the local server.

Operation modifiers:
    -F, --full
       If the --full flag is specified then zones that are not
       local to this server (in /etc/userdomains) will be pulled
       in as well.  This was the default behavior prior to 11.24.5

Help:
    -H, --help (or no arguments)
       This will show this screen.

 

[smbutha]

Thankyou.