We are currently experiencing a higher than usual ticket volume, and as a result there may be delays before we can reply to your ticket.
Please feel free to reference the information available in our Forums, Documentation, and Knowledge Base in the meantime.

We are aware of an upstream issue with installations and updates due to MySQL GPG Keys. (Reference UPS-423 for a workaround.)

Skip to main content

What happens when an account becomes suspended?

Axel Cervera
  • Updated

Question

Multiple actions take place when an account is suspended, knowing what takes place may help you in troubleshooting or understanding the process. 

 

Answer

Adds suspended flags

The system adds the SUSPENDED=1 and SUSPENDTIME=epochdate flags to the account’s /var/cpanel/users/cpuser file, where epochdate represents the Unix time at which you suspended the account.

As a result, the appropriate WHM interfaces sets the account to suspended and list the reason for suspension.

 

Locks reseller control

If you select the Prevent resellers from unsuspending checkbox when you suspend the account, the system touches the /var/cpanel/suspended/user.lock file.

As a result, the appropriate WHM interfaces sets the account to locked. The system does not allow resellers to unsuspend the account.

 

Stops all user processes

The system stops all of the processes that that account owns.

As a result, the system stops any functions that the cPanel account currently performs as the logged-in user. The following list includes some of the effects that this action may cause:

  • The system forcibly logs the user out of a current session.

  • The system stops the user’s cron jobs and moves the user's corn file from /var/spool/cron/ to /var/spool/cron.suspended/.

 

Locks mailing lists

The system creates a suspended.lists directory in Mailman and moves the files for each of the account’s mailing lists to this directory.

As a result, the account’s mailing lists no longer function.

 

Locks Web Disk

The system adds a *LOCKED* string to the /home/homedir/etc/webdav/shadow password files for all account’s Web Desk users. In this example, homedir is the cPanel account’s home directory name.

As a result, the account’s Web Disk accounts no longer function.

 

Locks email passwords

The system adds a *LOCKED* string to the /home/homedir/etc/domain/shadow password files for all of the account’s email users. In this example, homedir is the cPanel account’s home directory name and domain is the email users’ domain.

As a result, the account’s email users cannot download mail.

Note:
The system continues to deliver mail to the account.
 
 

Incoming and outgoing email

The system no longer allows the account’s users to send email through the mail server. Also, the mail server will force all mail currently in the outbound message queue from that account’s users to fail. As a result, the account’s email users cannot send mail, and any mail they had in the mail server queue will fail.

Email Delivery Behavior

When the server delivers an email message, Exim evaluates and executes code supplied by the cPanel account. If the cPanel account is suspended, you may not want the system to process user-supplied code in filters, forwarders, pipes, and redirection lists. You may choose from several configuration options to determine how the system processes email deliveries for suspended accounts.

You can configure what action EXIM should perform when the server receives an email message for a suspended account in WHM’s Exim Configuration Manager interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager). You can use one of the following settings:

 

Setting Description
Deliver messages normally This setting accepts the email message and delivers it via normal delivery logic. This includes any forwarders, or piped scripts that the account user may have set up. This option is potentially risky, as these handlers could be used by a suspended user to retain access to account resources.
Accept and discard messages This setting accepts the email message, but immediately discards it, and ceases further processing.
Reject messages at SMTP time This setting rejects the email message, and returns a permanent error code to the sending email server. Compliant email servers will stop any further attempts to deliver the message.
 
Note:
This setting’s behavior is the same as setting the Receiving Incoming Mail option to Suspend for an email address in cPanel’s Manage Email Accounts interface (cPanel >> Home >> Email >> Manage Email Accounts).
Accept and queue messages [Default] This setting accepts the email message and places it in the local Exim queue temporarily. Exim will attempt delivery of the message periodically until the account is unsuspended or the message in the queue expires. By default, Exim reattempts delivery for queued messages for four days and eight hours then notifies the original sender that it could not deliver the message. This is the default setting.


Updates the Apache configuration files

The system updates Apache’s httpd.conf file with a Virtual Host include file for the user.

  • The system creates the include file at the following location:

    /etc/apache2/conf.d/includes/account_suspensions.conf

  • This include file contains a RedirectMatch rule that redirects website traffic to the default template for suspended accounts.

    Note:

    Apache httpd.conf include files originate from the following lines in Apache’s main.default file:

    [% IF file_test('f', '/usr/local/apache/conf/includes/account_suspensions.conf') -%]
    Include "/usr/local/apache/conf/includes/account_suspensions.conf"
    [% END -%]

     

As a result, visitors cannot access the account’s websites. Instead, a message appears that states the account was suspended.

Note:

To edit the message that appears for a suspended account’s sites, use WHM’s Web Template Editor interface (WHM >> Home >> Account Functions >> Web Template Editor).

 

Locks the shadow password

The system uses the passwd -l command to lock the account’s /etc/shadow password file. This command prepends the account’s passwords with two exclamation marks (!!).

The following list includes some of the effects that this action causes:

  • The user cannot log in to their cPanel account.

  • The account’s database users cannot log in to their databases.

  • The suspended account’s password cannot change.

 

Modifies permissions of ftp directory

The system modifies the permissions of the user’s public_ftp directory to 0000.

The system then creates the /etc/proftpd/user.suspended file and locks the account’s FTP passwords in the /etc/proftpd/passwd.vhosts and /etc/proftpd/user password files. Finally, the system prepends the account’s FTP passwords with two exclamation marks ( !! ).

As a result, The account’s FTP users cannot log in to the FTP server.

Also, the system cannot back up the user’s public_ftp directory because of the restrictive file permissions.

 

Changes MySQL user passwords

The system changes all of the MySQL users’ passwords. As a result, MySQL users cannot access their databases.

Note:
When you suspend a cPanel account, the system will not suspend any of the account’s Amazon RDS™ remote databases.

 

 

Related articles

Comments

0 comments

Article is closed for comments.