How to block DirectAdmin commands

In DirectAdmin you can block commands server-wide or only for specific user(s). The commands that can be blocked can be found at:

A. Block DirectAdmin commands globally

To block commands for all the users on the server, you must use the never_commands setting in /usr/local/directadmin/conf/directadmin.conf file.

For example, to block the possibility of creating new admin accounts, use:


Restart DirectAdmin with:

service directadmin restart

B. Block DirectAdmin commands per user

For specific user blocking, you must use the files commands.allow and commands.deny. (this is very similar to the CSF files – csf.allow and csf.deny)


In the commands.allow you will have of course, the allowed commands and in the commands.deny, the blocked commands. These files do not exist by default, so you may need to create them. Add one command per line. Few rules to consider:

– commands.allow overrides commands.deny. If an item is in both, the command will be allowed.
– if commands.allow exists, but is empty, that User will not be able to do anything
– adding commands to commands.allow that do not exist in the given accounts access level won’t work

DA help

For example to block the USER11 ability to edit PHP settings, add the line


to the file


If a user will try to execute a blocked command, a denied message will be shown:

You cannot execute that command
The request you've made cannot be executed because it does not exist in your authority level
directadmin block commands
Blocked command message in DA

commands.allow and commands.deny

Leave a Reply