
Symptom


By default, when Control Panel integration is enabled, the CDP Agent grants access to all Control Panel users. Many people have been asking how they can limit access to only certain users (i.e. paying customers). The solution below limits backup access to the users you specify.
 

Resolution


1. First, create a text file listing the valid control panel user accounts that you want to grant access, one account name per line. You can name this file /etc/r1user:

[root@plesk ~]# cat /etc/r1user
neo
trinity

2. Next, you need to edit the appropriate authentication script located in /usr/sbin/r1soft/lib/controlpanel (authentication scripts end with auth.pl):

[root@plesk ~]# ls -l /usr/sbin/r1soft/lib/controlpanel
-rw-r--r-- 1 root root 1806 Apr 13 17:46 BuagentAuth.pm
-rwxr-xr-x 1 root root 1030 Apr 13 17:46 cpanel-auth.pl
-rwxr-xr-x 1 root root 966 Apr 13 17:46 cpanel-listusers.pl
-rwxr-xr-x 1 root root 3138 May 30 14:24 plesk-auth.pl
-rwxr-xr-x 1 root root 2676 Apr 13 17:46 plesk-listusers.pl
-rwxr-xr-x 1 root root 930 Apr 13 17:46 virtuozzo-listusers.sh

3. Next, create an array and load the text file (/etc/r1user) you just created into the array:

Code:

# Load the list of users allowed to access backups (one name per line)
my @userdb;
open(USERDB, '/etc/r1user') or die "Couldn't open location file: $!";
@userdb = <USERDB>;
close(USERDB);

4. Next, create a variable that records whether the user is allowed to access backups ($r1user_ref) and use a 'foreach' loop to check whether the $user is in the array.

Code:

my $r1user_ref = 0;
foreach my $t (@userdb) {
        chomp($t);              # remove the newline read from the file
        if ($t eq $user) {      # exact comparison, so partial names do not match
                $r1user_ref = 1;
                last;
        }
}

 
5. If the $user account is in the @userdb array, then $r1user_ref is set to 1.

The last step is to put all this code together and insert it into the appropriate place in the authentication script. For plesk-auth.pl the changes should look like this:

Before:

my $user = <STDIN>;
chomp($user);
my $pass = <STDIN>;
chomp($pass);

my $auth_ref = BuagentAuth::auth($user, $pass);
print "auth_ok:" . $auth_ref->{auth_ok} . "\n";
if ($auth_ref->{auth_ok} == 0) {
        exit;
}

After:

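my $user = <STDIN>;
chomp($user);
my $pass = <STDIN>;
chomp($pass);

# Load the list of users allowed to access backups (one name per line)
my @userdb;
open(USERDB, '/etc/r1user') or die "Couldn't open location file: $!";
@userdb = <USERDB>;
close(USERDB);

my $r1user_ref = 0;
foreach my $t (@userdb) {
        chomp($t);              # remove the newline read from the file
        if ($t eq $user) {      # exact comparison, so partial names do not match
                $r1user_ref = 1;
                last;
        }
}

# Deny users that are not listed before the password is checked
if ($r1user_ref != 1) {
        print "auth_ok:0\n";
        exit;
}

my $auth_ref = BuagentAuth::auth($user, $pass);
print "auth_ok:" . $auth_ref->{auth_ok} . "\n";
if ($auth_ref->{auth_ok} == 0) {
        exit;
}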

If the user account is in /etc/r1user, the specified user will have access to their backups. If not, they will be denied access to the CDP Web Interface.
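
The allowlist check from steps 3 to 5 can be tested on its own before editing the authentication script. This is an added example, not R1Soft's code: it compares an exact-match lookup with a pattern-style match over a constructed copy of the /etc/r1user contents, and the helper names (load_allowlist, is_allowed, is_allowed_pattern) and the whitespace trimming are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample of /etc/r1user contents (not taken from a real system).
# It includes a trailing space, a blank line and a Windows line ending.
my $sample = "neo\ntrinity \n\nmorpheus\r\n";

# Parse an allowlist: one name per line, trimmed, blank lines ignored.
sub load_allowlist {
    my ($text) = @_;
    my %allowed;
    foreach my $line (split /\n/, $text) {
        $line =~ s/^\s+|\s+$//g;      # trim spaces and a stray \r
        next if $line eq '';
        $allowed{$line} = 1;
    }
    return \%allowed;
}

# Exact membership test: the whole name must equal a listed entry.
sub is_allowed {
    my ($allowed, $user) = @_;
    return 0 unless defined $user && length $user;
    return exists $allowed->{$user} ? 1 : 0;
}

# Pattern-style test, for comparison only: true if any entry contains the name.
sub is_allowed_pattern {
    my ($allowed, $user) = @_;
    foreach my $entry (keys %$allowed) {
        return 1 if $entry =~ /$user/;
    }
    return 0;
}

my $allowed = load_allowlist($sample);
foreach my $user ('neo', 'trinity', 'ne', 'init', 'smith') {
    printf "%-8s exact=%d pattern=%d\n",
        $user, is_allowed($allowed, $user), is_allowed_pattern($allowed, $user);
}
```

Accounts such as "ne" or "init" are not in the file but pass the pattern-style test because they are substrings of listed names; only the exact test limits access to the listed accounts.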

