Skip to main content

[Case 109441] Changes to account suspensions with .htaccess

Comments

5 comments

  • bryyyon
    This isn't EasyApache.. Why move it to the EasyApache forum? To the world: We copied the prior suspendacct perl script over the new one and use that instead. It works fine. The new unsuspendacct handles both cases, too.
    0
  • bryyyon
    Sorry for the triple-post. It's evident this change to suspensions was made in haste and I believe I've found why, but regardless - I hope the following helps anyone in the predicament we're in: The new suspension implementation introduced on July 21st doesn't preserve the disabling RedirectMatch directives on document roots after a rebuild of httpd.conf. If httpd.conf is rebuilt the include lines are removed from httpd.conf for all suspended accounts through the new mechanism. Though they were added into the httpd.conf,v versioned file, so we do know they existed prior to a rebuild. # rlog /usr/local/apache/conf/httpd.conf,v | head -n 30 RCS file: /usr/local/apache/conf/httpd.conf,v Working file: httpd.conf head: 1.251 branch: locks: strict root: 1.251 access list: symbolic names: keyword substitution: kv total revisions: 251; selected revisions: 251 description: ---------------------------- revision 1.251 locked by: root; date: 2014/07/27 03:16:29; author: root; state: Exp; lines: +609 -1 "Modified by /scripts/rebuildhttpdconf End build_apache_conf" ---------------------------- revision 1.250 date: 2014/07/26 18:31:54; author: root; state: Exp; lines: +30707 -31735 "Modified by /scripts/rebuildhttpdconf End build_apache_conf" ---------------------------- revision 1.249 date: 2014/07/25 20:18:03; author: root; state: Exp; lines: +1 -0 "Modified by /usr/local/cpanel/scripts/suspendacct Edited by ensure_vhost_include_directives() - /usr/local/cpanel/scripts/suspendacct" ---------------------------- revision 1.248 date: 2014/07/25 20:17:25; author: root; state: Exp; lines: +1 -0 "Modified by /usr/local/cpanel/scripts/suspendacct Edited by ensure_vhost_include_directives() - /usr/local/cpanel/scripts/suspendacct" ----------------------------
    Here's a quick Python script to re-submit any suspensions detected via the new method that were potentially removed after an httpd.conf build. Note that this does not preserve a cPanel suspension reason for the initial suspension. import os for dirname in os.listdir('/etc/httpd/conf/userdata/std/2/'): filename = os.path.join('/etc/httpd/conf/userdata/std/2/', dirname, '{0}-suspend.conf'.format(dirname)) if os.path.isfile(filename): username = dirname cpuser = open(os.path.join('/var/cpanel/users/', username)).readlines() found = 'SUSPENDED=1\n' in cpuser if found: print 'Resuspending', username os.system('/scripts/suspendacct {0}'.format(username))
    0
  • cPanelMichael
    Hello :) The change in behavior is to address security concerns. It's announced here, but without the full details yet due to how we handle targeted security releases: cPanel TSR-2014-0005 Announcement Documentation is available at: Manage Account Suspensions What Happens When You Suspend An Account Please ensure you submit a bug report for any issues you encounter with the suspension process: Submit A Bug Report You can post the ticket number here and we can update this thread with the outcome. Thank you.
    0
  • bryyyon
    Thank you, Michael. I came to that conclusion it was for a security-related matter and that's why it hadn't been explicitly discussed in a release change log.. I'll wait to see what the additional information slated for release today brings.
    0
  • cPanelMichael
    Internal case number 109441 is open to address an issue where rebuilding the Apache configuration file with Apache 2.4 can result in unsupensions in limited circumstances. There is currently no specific time frame available for a resolution but the case is open with our development team. Thank you.
    0

Please sign in to leave a comment.