The following Bash script, based on the blog post JetBackup: Better Safe Than Sorry, allows you to automatically lock backups for a set number of days when an account gets suspended and subsequently unlocks when it gets unsuspended. When the script is triggered (via cPanel hooks), it subsequently locks LOCK_BACKUPS number of backups for a LOCK_PERIOD number of days.
Here are the steps to create the Bash script and register to the cPanel Hooks System:
touch /root/lock_unlock_acct.sh
chmod +x /root/lock_unlock_acct.sh
#!/bin/bash
STAGE=$1
LOCK_PERIOD=360
LOCK_BACKUPS=5
LOCK_REASON="locked-by-hook"
ACCT=$( cat /dev/stdin | grep -oE '"args":{[^}]*"user":"[^"]+"' | sed "s#^.*\"user\":\"\([^\"]\+\)\"#\1#g" )
#ACCT=$( cat /dev/stdin )
if [ $STAGE = "suspend" ]; then
#GET LATEST LOCK_BACKUPS NUMBER OF SNAP IDs
sIFS=$IFS
IFS=$'\n'
snaps=($( /usr/bin/jetapi backup -F listBackups -D "accounts[]=$ACCT&type=127&limit=$LOCK_BACKUPS&sort[created]=-1" | grep -E '^\s*_id' | awk '{print $2}' ))
IFS=$sIFS
for (( i=0; i<${#snaps[@]}; i++ )); do
#LOCK SNAP BY ID
/usr/bin/jetapi backup -F manageBackup -D "_id=${snaps[$i]}¬es=$LOCK_REASON&locked=1&lock_ttl=$LOCK_PERIOD"
done
fi
if [ $STAGE = "unsuspend" ]; then
#GET LOCKED SNAPS BY THE LOCK REASON AND THE ACCOUNT NAME
sIFS=$IFS
IFS=$'\n'
snaps=($( /usr/bin/jetapi backup -F listBackups -D "accounts[]=$ACCT&type=127" | grep "notes: $LOCK_REASON" -B 15 | grep -E '^\s*_id' | awk '{print $2}' ))
IFS=$sIFS
for (( i=0; i<${#snaps[@]}; i++ )); do
#UNLOCK SNAP BY ID
/usr/bin/jetapi backup -F manageBackup -D "_id=${snaps[$i]}¬es=&locked=0"
done
fi
/usr/local/cpanel/bin/manage_hooks add script "/root/lock_unlock_acct.sh suspend" --manual 1 --category Whostmgr --event Accounts::suspendacct --stage post
/usr/local/cpanel/bin/manage_hooks add script "/root/lock_unlock_acct.sh unsuspend" --manual 1 --category Whostmgr --event Accounts::unsuspendacct --stage post