The cpuser_port_authority Script
Valid for versions 82 through the latest version
Version:
82
Last modified: July 28, 2022
Overview
The cpuser_port_authority
script assigns one or more 5-digit port numbers for a user’s exclusive use. These five-digit port numbers use the range of 10000
to 65535
. They exclude any ephemeral ports and passive ports.
Important:
- You must possess
root
user access to use this script. - You must use
iptables
to enforce port ownership. If you usefirewalld
, the system does not currently enforce port ownership.
Run the script
To run this script on the command line, use the following format:
/usr/local/cpanel/scripts/cpuser_port_authority [argument] [options]
Options
Use the following options with this script:
Note:
- This script saves port assignments to the
/etc/cpanel/cpuser_port_authority.json
file. - In the following table,
user
represents a username,amount
represents the number of ports,port-number
represents a specific five-digit port number, andmy_app
represents an application.
Options | Description | Example |
---|---|---|
give [user] [amount] [--service=my_app]
Note:
The
--service option assigns the requested port numbers to a specific service.
|
Assign a user one or more ports. | /usr/local/cpanel/scripts/cpuser_port_authority give exampleuser 3 --service=store |
take [user] [port-number]
Note:
You can pass the
port-number argument multiple times to remove several ports numbers.
|
Remove a port from a user’s assignments.
Note:
If you attempt to remove a port that does not belong to the specified user, then the function will fail.
|
/usr/local/cpanel/scripts/cpuser_port_authority take exampleuser 12345 |
fw |
Update the firewall rules to match port assignments and restart the firewall. | /usr/local/cpanel/scripts/cpuser_port_authority fw |
list [user] |
Display the ports assigned to a user. | /usr/local/cpanel/scripts/cpuser_port_authority list exampleuser |
user remove [user] |
Remove a user’s assigned ports. | /usr/local/cpanel/scripts/cpuser_port_authority user remove exampleuser |
user change [olduser] [newuser] |
Change the ownership of one user’s ports to another user. | /usr/local/cpanel/scripts/cpuser_port_authority user change exampleuser currentuser |
hint [argument] |
Display the abbreviated help information.
Note:
The
argument is optional. If you specify an argument, only that argument’s abbreviated help information will display.
|
/usr/local/cpanel/scripts/cpuser_port_authority hint list |
help [argument] |
Display the script’s help information.
Note:
The
argument is optional. If you specify an argument, only that argument’s help information will display.
|
/usr/local/cpanel/scripts/cpuser_port_authority help list |