The cpuser_port_authority Script

Valid for versions 82 through the latest version

Version:

82


Last modified: May 13, 2020

Overview

The cpuser_port_authority script assigns one or more 5-digit port numbers for a user’s exclusive use. These five-digit port numbers use the range of 10000 to 65535. They exclude any ephemeral ports and passive ports.

Important:
  • You must possess root user access to use this script.
  • You must use iptables to enforce port ownership. If you use firewalld, the system does not currently enforce port ownership.

Run the script

To run this script on the command line, use the following format:

/usr/local/cpanel/scripts/cpuser_port_authority [argument] [options]

Options

Use the following options with this script:

Note:
  • This script saves port assignments to the /etc/cpanel/cpuser_port_authority.json file.
  • In the following table, user represents a username, amount represents the number of ports, port-number represents a specific five-digit port number, and my_app represents an application.
Options Description Example
give [user] [amount] [--service=my_app]
Note:
The --service option assigns the requested port numbers to a specific service.
Assign a user one or more ports. /usr/local/cpanel/scripts/cpuser_port_authority give exampleuser 3 --service=store
take [user] [port-number]
Note:
You can pass the port-number argument multiple times to remove several ports numbers.
Remove a port from a user’s assignments.
Note:
If you attempt to remove a port that does not belong to the specified user, then the function will fail.
/usr/local/cpanel/scripts/cpuser_port_authority take exampleuser 12345
fw Update the firewall rules to match port assignments and restart the firewall. /usr/local/cpanel/scripts/cpuser_port_authority fw
list [user] Display the ports assigned to a user. /usr/local/cpanel/scripts/cpuser_port_authority list exampleuser
user remove [user] Remove a user’s assigned ports. /usr/local/cpanel/scripts/cpuser_port_authority user remove exampleuser
user change [olduser] [newuser] Change the ownership of one user’s ports to another user. /usr/local/cpanel/scripts/cpuser_port_authority user change exampleuser currentuser
hint [argument] Display the abbreviated help information.
Note:
The argument is optional. If you specify an argument, only that argument’s abbreviated help information will display.
/usr/local/cpanel/scripts/cpuser_port_authority hint list
help [argument] Display the script’s help information.
Note:
The argument is optional. If you specify an argument, only that argument’s help information will display.
/usr/local/cpanel/scripts/cpuser_port_authority help list

Additional Documentation