How to Block DirectAdmin Commands for Users?

Server administrators exercise the ultimate authority over a hosting server. They can even grant or deprive the user accounts of some of that authority. Admins of DirectAdmin servers can exercise this power as they can block some of the commands that users can run.

Block DirectAdmin Commands for all the User Accounts

The never_commands setting in /usr/local/directadmin/conf/directadmin.conf file will block commands globally and for all the users on the server.

The syntax to block commands with the never_commands setting:

never_commands=COMMAND

For example,

never_commands=CMD_ACCOUNT_ADMIN:CMD_API_ACCOUNT_ADMIN

It will block the commands to create new admin accounts.

For the command to take effect, restart DirectAdmin:

service directadmin restart

Block the DirectAdmin Commands for Specific Users.

For specific users, blocking commands requires a bit of preparation.

1. Create files commands.allow and commands.deny. These files are very similar to the CSF files – csf.allow and csf.deny.

/usr/local/directadmin/data/users/USERNAME/commands.allow
/usr/local/directadmin/data/users/USERNAME/commands.deny

Let’s see what to put in these files-

• commands.allow: The DirectAdmin commands that the user is allowed to use.
• commands.deny: The DirectAdmin commands you want to deny/block for the user.

The moment a user tries to execute a command you have denied or blocked, DirectAdmin will give an error message.

Here are the links where you can find all the DirectAdmin commands:

https://www.directadmin.com/api.html
https://www.directadmin.com/search_versions.php?help=no&versions=yes&query=CMD_API_
https://www.directadmin.com/search_versions.php?help=no&versions=yes&query=CMD_ 

You can block these commands globally or for a specific user on your DirectAdmin server.