Home WebServer PanelDirectAdmin Instructions for configuring user permissions limits in DirectAdmin 1.6

Instructions for configuring user permissions limits in DirectAdmin 1.6

by Thạch Phạm
Published: Last Updated on
direct admin 1200x628 1

From DirectAdmin version 1.61.0 onwards, there is support for jailed shell and jailed cron to limit user rights on DirectAdmin. To use jailed shell and jailed cron requires BubbleWrap, it will help create an extra layer of protection and restrict user rights on the Linux server.


BubbleWrap is running an application like in a sandbox, docker, etc. that has been set up to restrict access to the system or user data.

BubbleWrap works by creating a completely new space located in the clipboard and invisible from the host and will be automatically deleted when the last process exits.

Using BubbleWrap, you can specify which filesystem parts should be displayed in the sandbox.
BubbleWrap doesn’t allow upgrading privileges.

Applications work without permission (escalation), even when used with proprietary software installed on the accompanying OS.

Steps to setup DirectAdmin user rights restrictions

In this tutorial, I set up DirectAdmin user rights restrictions on CentOS 7.

Step 1: Build bubblewrap

Go to DirectAdmin and move into custombuild directory. Copy the commands below with root user privileges.

AZDIGI Tutorial
cd /usr/local/directadmin/custombuild
./build update
./build bubblewrap
Capture 1
Limit user permissions in Directadmin 1.6

Step 2: Build jailshell

Please copy the commands below to execute the build jailshell.

AZDIGI Tutorial
cd /usr/local/directadmin/custombuild
./build jailshell
1Capture 2

Step 3: Enable the user permission limitation function in DirectAdmin

DirectAdmin will create the default value “jail” (set to 0 by default). Set the value to 1 to enable the function of limiting user permission for DirectAdmin.

AZDIGI Tutorial
/usr/local/directadmin/directadmin set jail 1 restart
service directadmin restart

Or you can directly access the user.conf file of each user to edit user.conf jail=ON/OFF /users/namnhh/user.conf

4Capture 1

To enable or disable restricting DirectAdmin user permission, go to the modify account section:

The image has set the value of jail to 1.
AZDIGI Tutorial
/usr/local/directadmin/directadmin set jail 1 restart
## Lưu ý khi set giá trị bằng 1 thì các user không áp dụng hết cần phải tick chọn hoặc làm bằng thủ công như hướng dẫn

To enable all users (Force) to limit DirectAdmin user permissions, set jail to 2.

AZDIGI Tutorial
/usr/local/directadmin/directadmin set jail 2 restart
service directadmin restart
6Capture 1

When you go to the modify account section, you will see the difference between the two values when setting 1 and 2.

The image has set the value of jail to 2.

Step 4: Recheck the user when ssh access and jail are enabled

To check, please access the file /etc/passwd, you will see that it has enabled the DirectAdmin user permission limitation.

AZDIGI Tutorial
cat /etc/passwd | grep namnhh
cat /etc/passwd | grep jailshell
Hoặc dùng câu lệnh bên dưới
grep -e "namnhh"  -e  "jailshell" /etc/passwd
3Capture 1

After checking your user as shown above, you have successfully configured the user permission limitation for DirectAdmin.



Limiting user permissions DirectAdmin is a security measure to restrict users when allowing users to use SSH in the server.
Jailed users cannot access the home directory of other users.
Jailed users can still run all the necessary commands from the main shell on their users.

Hopefully, this article helps you to secure your server better when shell attacks infect other users.

See more useful articles about DirectAdmin at the following link:

If you need assistance, you can contact support in the ways below:

  • Hotline 247: 028 888 24768 (Ext 0)
  • Ticket/Email: You use the email to register for the service and send it directly to: support@azdigi.com .
  • Website AZDIGI: https://azdigi.com/

Đánh giá

Tham gia nhóm hỗ trợ Server - Hosting

Tham gia nhóm Hỗ trợ Server - Hosting & WordPress để cùng nhau hỏi đáp và hỗ trợ các vấn đề về WordPress, tối ưu máy chủ/server.

Tham gia ngay

Bài viết cùng chuyên mục

AZDIGI – Không chỉ là đơn vị hàng đầu trong lĩnh vực Web Hosting và Máy chủ, chúng tôi mong muốn mang lại những kiến thức bổ ích nhất và luôn cập nhật thường xuyên cho cộng đồng người đam mê thiết kế website, công nghệ,…

Vui lòng không sao chép nội dung nếu chưa xin phép. Designed and Developed by PenciDesign