newE-mail Summary Report (Pro Pack)
Evolution skin now has new section E-mail Summary in the Admin Tools group.
This is a report of email usage aggregated by email address and domain.
newSupport user specific skin settings to be changed after login-as in Evolution
An update to Evolution skin now allows user specific skin settings (for example grid mode) to be changed after performing login-as function.
newCMD_LOGIN_KEYS: read-only option for Users (SKINS)
If a login key is created with the login-as function, eg:
$user = "admin|fred"; //fred is a User
the Reseller/Admin would be shown an option to make the key read-only for the Users. Any login-as account doing work can still delete the key.
This will prevent Users from modifying/deleting keys that they shouldn't have access to.
For any call, when using a higher-power, like "Login-As" or CLI URL creation, pass
which sets this in the key.conf, preventing Users from deleting or modifying it with their direct login. A Reseller/Admin with Login-As can still delete/modify.
Just above the "current password" line:
|*if USERNAME!=LOGIN_AS_MASTER_NAME| <tr><td class=list2>|LANG_READ_ONLY|:</td> <td class=list2 colspan=2><input type=checkbox name=client_read_only value="yes" |CLIENT_READ_ONLY_CHECKED|> |LANG_READ_ONLY_INFO| </td> </tr> |*endif|
The call to
will now include an 8th row
client_read_only set to yes or no.
If it's set to "yes", then you'd block deletion and modify if it's a direct login (not login-as). The back-end will still do this, but doing it ahead of time in the GUI might avoid confusion.
Enhanced is comparing global USERNAME to LOGIN_AS_MASTER_NAME. If they do match, a direct login, thus respect the client_read_only for blocking.
improvedDirectadmin systemd service file
Systemd directadmin.service now has a dependency of network-online.service.
It should prevent a startup of DirectAdmin sooner than the Internet connection becomes available.
improvedNginx: put include webapps.conf & CUSTOM3 before LOCATION_BLOCKS, EXTRA_LOCATIONS (TEMPLATES)
nginx_server.conf templates include the webapps config near the end of the
include /etc/nginx/webapps.conf and
We' just make reference to
webapps.conf for documentation simplicity here.
If the User has added a WordPress Nginx Template to the / location, this would match /webmail before getting to the webapps include, causing a 404 on /webmail.
Move the 2 lines:
|CUSTOM3| include /etc/nginx/webapps.conf;
higher up in the output, before
LOCATION_BLOCKS, and after
|*if HAVE_NGINX_PROXY="1"| ... |*else| |NGINX_REDIRECTS| |HOTLINK_PROTECTION| |*endif| |CUSTOM3| include /etc/nginx/webapps.conf; |*if HAVE_NGINX_PROXY!="1"| |LOCATION_BLOCKS| |EXTRA_LOCATIONS| |*endif| |MOD_SECURITY_RULES|
Here is the previous layout before the above change:
|*if HAVE_NGINX_PROXY="1"| ... |*else| |NGINX_REDIRECTS| |HOTLINK_PROTECTION| |LOCATION_BLOCKS| |EXTRA_LOCATIONS| |*endif| |MOD_SECURITY_RULES| |CUSTOM3| include /etc/nginx/webapps.conf;
The following 4 templates have the above change:
webapps.ssl.conf is used for
improvedNginx template update to expose defined headers for *.php files (TEMPLATES)
add_header X-FastCGI-Cache $upstream_cache_status; line removed now.
Without this change all the other defined headers in global templates were ignored for .php files, and it required to re-add headers to
nginx_php.conf in addition to the other template files.
improvedRefactored dataskq queue management and execution
In preparation for new features we are refactoring how dataskq parses and executes task files. This change should not have any visible side effects, but as with any refactoring there is a risk of unintended changes.
improvedRun unprivileged user tasks under users Cgroup and jailshell
To run all unprivileged tasks Userd process starts up using
/usr/bin/su --login -s USERSHELL|/bin/bash.
fixedApache templates updated to have ModSecurity enabled for whole vhost (TEMPLATES)
ModSecurity rule exceptions were in
<Directory> block in Apache templates, this is the reason why they did not work for global aliases like
|MOD_SECURITY_RULES| is moved outside
<Directory> block now, so that it would work for the whole virtualhost.
fixedAWS MySQL does not allow GRANT ALL
Use the full list of allowed commands for the GRANT instead of ALL.
New internal default
to change DA to specify all grant options, instead of "ALL", set:
./directadmin set db_grant_all 0 service directadmin restart
fixedFix domain certificate save hook execution
ssl_safe hooks misconfiguration,
scripts/custom/ssl_safe_(pre|post).sh were not getting called, when domain certificate is saved.
scripts/custom/ssl_safe_(pre|post)/ and in plugins were called correctly.
fixedAdd Pointer: inherit master zone: still creating defaults for extra IPs
Relating to this change from 1.62.5.
where creating a pointer will now inherit the master domain's zone, the bug was that the section that added additional IPs to the zone was still doing so with the default records.
When this feature is used, it will now skip the addition of additional IPs as they should have already been in the master zone.
fixedMX Templates: clear conflicting CNAME/A/AAAA
In some cases, you might want to add a CNAME/A/AAAA record into one of the MX Template files which might have a conflicting value already in the zone. For example:
mail 3600 CNAME ghs.googlehosted.com.
which would conflict with the existing default mail "A" record.
This fix will take any conflict between CNAME vs A/AAAA and clear them out, allowing the new value in. Applies in either direction.
Note: A vs AAAA do not clear each other, only CNAME vs A/AAAA or A/AAAA vs CNAME, as A and AAAA are allowed to be duplicated.
fixedNginx: Order used locations by length, longest first
The location within the nginx.conf should match based on the longest first.
fixedManual DB restore to quote my.cnf password
To allow the # character in passwords, the my.cnf "password" needs to be quoted.