Configure DirectAdmin User Permissions: Complete Role Management

Understanding DirectAdmin User Hierarchy and Permissions

DirectAdmin operates on a three-tier user system that determines what actions each account can perform. Admin users control the entire server. Resellers manage multiple user accounts. Regular users handle their own domains and files.

Your permission structure directly impacts server security and operational efficiency. Misconfigured permissions can expose sensitive data or prevent legitimate users from completing essential tasks.

The admin level controls server-wide settings, package creation, and user management. Reseller accounts can create and manage user accounts within their allocated resources. User accounts handle website files, email accounts, and databases for their assigned domains.

Setting Up Admin-Level Permissions

Admin accounts have full server access by default. You'll need to manage these carefully since they can modify system files and server configurations.

Access the Admin Level section in DirectAdmin. Navigate to "Admin Settings" and select "Admin Accounts" to view existing administrators.

Click "Create Admin" to add a new administrator. Enter the username, password, and email address. The system automatically grants full permissions to new admin accounts.

To modify admin permissions, select an existing admin account and choose "Modify Admin." You can restrict access to specific features. This includes user creation, package management, or system settings.

Most hosting providers limit admin access to essential personnel only. Hostperl VPS hosting customers typically receive one admin account for server management. They get additional reseller accounts for delegation.

How to Configure DirectAdmin User Permissions for Resellers

Reseller permissions control which features and limits apply to each reseller account. These settings determine resource allocation and management capabilities.

Navigate to "Reseller Level" and select "Add Reseller" from the main menu. Enter the reseller's username, password, and contact details.

Set the reseller's resource limits in the package settings:

• Bandwidth allocation per month
• Disk space quota
• Number of domains allowed
• Email accounts and forwarders
• Database creation limits
• FTP account restrictions

Configure permission levels for specific features. Enable "Create Packages" to allow custom user packages. Grant "Modify User" permission for account management. The "View Usage" setting provides access to bandwidth and disk usage statistics.

Reseller IP allocation requires careful planning. Assign dedicated IPs when needed for SSL certificates or email reputation management.

Managing User Account Permissions

User accounts operate within the restrictions set by their reseller or admin. Configure these through package assignments and individual account modifications.

Create user packages under "Packages" in the Admin Level section. Define bandwidth limits, disk quotas, and feature availability. Each package template applies consistent settings to multiple users.

Navigate to "User Level" to manage individual user permissions. Select a user account and click "Modify User" to adjust their settings.

Critical user permission settings include:

• Domain creation and management rights
• Subdomain and addon domain limits
• Email account creation permissions
• Database access and creation rights
• File manager and FTP access
• SSL certificate installation capabilities

The "Suspend User" option temporarily disables account access without deleting data. Use this for non-payment situations or security concerns.

Advanced Permission Controls

DirectAdmin provides granular controls for specific features. These require careful management in production environments.

Access the "Admin Settings" menu and select "Customize Evolution." This interface controls which features appear for different user levels.

Database permissions require special attention. Navigate to "MySQL Management" to control database creation limits and user privileges. Set maximum database sizes and connection limits per user.

Email permission management appears under "E-Mail Administration." Set maximum mailbox sizes, attachment limits, and spam filter access. The "DKIM/SPF" section controls authentication feature availability.

File manager permissions determine upload limits and accessible directories. Set these under "File Manager" in the customization panel. You can restrict access to system directories while allowing normal file operations.

Security Best Practices for Permission Management

Permission security prevents unauthorized access while maintaining functionality for legitimate users. Regular audits help identify potential vulnerabilities.

Enable two-factor authentication for admin and reseller accounts. Navigate to "Two-Step Authentication" under "Admin Settings" to set up this security layer.

Monitor login attempts through "Login History" in the admin panel. Unusual access patterns may indicate compromised accounts or brute force attacks.

Set IP restrictions for sensitive accounts. The "Access IP" setting under user modification limits login attempts to specific IP ranges.

Review user lists monthly and remove inactive accounts. Check reseller permissions quarterly to ensure they align with business needs. This regular maintenance helps maintain security standards.

Troubleshooting Common Permission Issues

Permission conflicts often arise when users cannot access expected features. They may also receive error messages during routine tasks.

Check package limits first when users report access problems. Navigate to their user account and review the assigned package restrictions. Bandwidth or disk quota exhaustion commonly causes permission-related errors.

Email permission issues typically involve SMTP authentication or mailbox access. Verify the user's email limits under their account settings. Check for domain-specific email restrictions in the domain management section.

Database access problems require checking both user permissions and MySQL user privileges. Use the "MySQL Management" section to verify database user assignments and privilege levels.

File permission errors often stem from directory ownership issues. SSH access may be required to correct file ownership using chown commands.

Implementing Permission Backup and Recovery

Permission configurations represent critical server data. These require regular backup procedures. System changes or migrations can disrupt carefully configured access controls.

DirectAdmin stores permission data in configuration files located in /usr/local/directadmin/data/users/. Regular backups of this directory preserve user account settings.

Export user data using the "Admin Backup/Transfer" feature. This creates comprehensive backups including permission settings. You can restore these to new servers during migrations.

Document permission changes in a change log. Record modifications to admin, reseller, and user accounts with timestamps and reasons. This helps troubleshoot issues and maintain compliance requirements.

Test permission backups by restoring them to a staging environment. Verify that all access controls work correctly. Do this before relying on backup data for production recovery.

Frequently Asked Questions

How do I reset a forgotten admin password in DirectAdmin?

Use the command line to reset admin passwords. Run "echo 'newpassword' | /usr/local/directadmin/directadmin set_password admin" as root. Replace 'newpassword' with your desired password. Restart DirectAdmin service after the change.

Can resellers create admin accounts?

No, resellers cannot create admin accounts. Only existing admin users can create new admin accounts. Resellers can only create and manage user accounts within their allocated resources and permission levels.

What happens when a user exceeds their disk quota?

Users receive error messages when attempting to upload files or send emails that exceed their quota. Their websites remain accessible, but they cannot add new content until space is freed or the quota is increased.

How do I bulk modify user permissions?

Use the "Modify Multiple Users" feature in the Admin Level section. Select multiple users and apply package changes or permission modifications simultaneously. This feature saves time when managing large numbers of accounts.

Are permission changes logged automatically?

Yes, DirectAdmin logs permission changes in the system logs. Access these logs through "System Info & Files" then "Log Files" to review modification history and track administrative actions.