Killdns ACL List to API token
Hi,
I am trying to run the killdns command from a curl script.
However, I am not able to get the right ACL list to assign to the created token.
It only works when I provide "acl=all", while I would like to limit it as below, for example:
whmapi1 api_token_update token_name=examplename expires_at=0 acl-1=kill-dns acl-2=clustering acl-3=ns-config acl-4=manage-dns-records acl-5=status acl-6=park-dns acl-7=create-dns acl-8=edit-dns
After quite a bit of research into this, I believe this is because of how the ACLs are categorized for the token. It looks like you can't perform this function without the ALL ACL, per the killdns Perl module:
if ( Whostmgr::ACLS::hasroot() || Whostmgr::AcctInfo::Owner::checkowner( $ENV{'REMOTE_USER'}, $owner ) ) {
As a feature to have, maybe we can add the restriction, as it leaves the token open to other unrestricted operations. I am also not finding the whmapi1 counterpart to the utility script /scripts/dnscluster synczone ....... Could you point me in the right direction as to whether it exists? Appreciated.
There really isn't one, but you can use the following script:

[root@server statsbar]# /scripts/dnscluster --help
Usage: dnscluster [ACTION] [OPTIONS]...

Examples:
    /usr/local/cpanel/scripts/dnscluster syncall --full # Sync all zones (even ones not in /etc/userdomains)
    /usr/local/cpanel/scripts/dnscluster synczonelocal mydomain.org # Sync mydomain.org to the local machine

Actions:
    syncall [--full] - make sure all dns zones are in sync within the cluster.
        If any zone files are out out of sync, the ones with the largest serial numbers will be copied to all servers.
    syncalllocal [--full] - make sure all dns zones are in sync within the cluster.
        If any zone files are out out of sync, the ones with the largest serial numbers will be copied to the local server only.
    synczone - sync one zone
        If the zone is out out of sync, the one with the largest serial number will be copied to all servers.
    synczonelocal - sync one zone
        If the zone is out out of sync, the one with the largest serial number will be copied to the local server.

Operation modifiers:
    -F, --full
        If the --full flag is specified then zones that are not local to this server (in /etc/userdomains) will be pulled in as well. This was the default behavior prior to 11.24.5

Help:
    -H, --help (or no arguments)
        This will show this screen.
Thank you.