Server administrators exercise the ultimate authority over a hosting server. They can even grant or deprive the user accounts of some of that authority. Admins of DirectAdmin servers can exercise this power as they can block some of the commands that users can run.
Block DirectAdmin Commands for all the User Accounts
The never_commands setting in /usr/local/directadmin/conf/directadmin.conf file will block commands globally and for all the users on the server.
The syntax to block commands with the never_commands setting:
It will block the commands to create new admin accounts.
For the command to take effect, restart DirectAdmin:
service directadmin restart
Block the DirectAdmin Commands for Specific Users.
For specific users, blocking commands requires a bit of preparation.
1. Create files commands.allow and commands.deny. These files are very similar to the CSF files – csf.allow and csf.deny.
Let’s see what to put in these files-
- commands.allow: The DirectAdmin commands that the user is allowed to use.
- commands.deny: The DirectAdmin commands you want to deny/block for the user.
- Enter one command per line.
- If a command is present in both commands.allow and commands.deny files, the user is allowed to use the command.
- If the commands.allow file is empty, i.e. there are no commands in it, the system will block every command for the user.
- Users cannot use the commands exceeding their access level even after adding them to commands.allow.
The moment a user tries to execute a command you have denied or blocked, DirectAdmin will give an error message.
Here are the links where you can find all the DirectAdmin commands:
You can block these commands globally or for a specific user on your DirectAdmin server.