CPANEL-42578 - API or Doc bug with setacls (possible security repercussion)

Comments

3 comments

  • cPRex Jurassic Moderator
    Hey there! I'm not able to reproduce any slowness on the cPanel API site (cPanel & WHM Developer Portal) so I can't offer much for that issue on my end. As far as the API call, I can confirm the command you provided gives the following output:
        {"metadata":{"version":1,"result":1,"reason":"OK","command":"setacls"},"data":{"acl":["all","acct-summary"]}}
    but when I check WHM >> Reseller Center and examine the permissions on that account, I don't see that additional permissions have been applied. Since that is the case, it looks like this is just an issue with the output of that command. I went ahead and created CPANEL-42578 so our developers can look into this issue, and I'll be sure to post any updates I receive about that case here.
    0
  • malex
    Hi, I tried again and I was able to reproduce it with the CLI version. Maybe my server is fucked (it's my dev server) but I did a clean install not long ago so it's unlikely. I created a new user using createacct and set it to reseller directly. It was done in PHP using something like this:
        $acctResp = $whm
            ->setServer('cheeseburger.XXXXX.eu')
            ->setCredentials([
                'username' => 'root',
                'token' => 'XXXXXXXXX',
            ])
            ->call('createacct', [
                'username' => $username,
                'domain' => $techUrl,
                'plan' => 'xxxxxxxxx',
                'password' => $password,
                'max_defer_fail_percentage' => 10,
                'max_email_per_hour' => 180,
                'dkim' => 1,
                'spf' => 1,
                'contactemail' => 'xxxxxx@gmail.com',
                'hasshell' => 1,
                'language' => 'fr',
                'reseller' => 1,
                //'reseller_without_domain' => 1,
            ]);
    Then I logged in to the account and took a screenshot of the WHM interface with the limited options. Then I executed the following command:
        [root@cheeseburger ~]# whmapi1 --output=jsonpretty setacls reseller='t11d1db4a' acl-all=0 acl-acct-summary=1
        {
           "data" : {
              "acl" : [
                 "acct-summary",
                 "all"
              ]
           },
           "metadata" : {
              "result" : 1,
              "version" : 1,
              "reason" : "OK",
              "command" : "setacls"
           }
        }
    Then I logged in again and I have all the features of WHM. EDIT: See the enclosed video file, it demonstrates the whole thing:
    0
  • cPRex Jurassic Moderator
    Thanks for that video - that isn't something I checked on my end and explains the issue more clearly. I've updated the case with these details.
    0
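
Added example, not part of the thread and not cPanel's code: a check a provisioning script could run on the `setacls` response, comparing the ACLs it reports with the `acl-*` flags that were sent. The function names are hypothetical, and it assumes the call sets the reseller's complete ACL set; it inspects the response only, so the applied permissions still need confirming in WHM >> Reseller Center.

```python
import json
import shlex

# Arguments and output as posted in the thread for:
#   whmapi1 --output=jsonpretty setacls reseller='t11d1db4a' acl-all=0 acl-acct-summary=1
THREAD_ARGS = "reseller='t11d1db4a' acl-all=0 acl-acct-summary=1"
THREAD_RESPONSE = '''{ "data" : { "acl" : [ "acct-summary", "all" ] },
  "metadata" : { "result" : 1, "version" : 1, "reason" : "OK", "command" : "setacls" } }'''

# Constructed sample: what a response matching the request would look like.
CONSTRUCTED_OK_RESPONSE = ('{"metadata":{"version":1,"result":1,"reason":"OK",'
                           '"command":"setacls"},"data":{"acl":["acct-summary"]}}')


def requested_acls(arg_string):
    """Split whmapi1-style key=value arguments into (enabled, disabled) ACL names."""
    enabled, disabled = set(), set()
    for token in shlex.split(arg_string):
        key, _, value = token.partition("=")
        if not key.startswith("acl-"):
            continue  # reseller=... is not an ACL flag
        (enabled if value == "1" else disabled).add(key[len("acl-"):])
    return enabled, disabled


def audit_setacls(arg_string, response_text):
    """Return a list of findings; an empty list means the response matches the request."""
    enabled, disabled = requested_acls(arg_string)
    response = json.loads(response_text)
    meta = response.get("metadata", {})
    if meta.get("command") != "setacls" or meta.get("result") != 1:
        return ["call failed: %s" % meta.get("reason")]
    returned = set(response.get("data", {}).get("acl", []))
    findings = []
    for name in sorted(returned & disabled):
        findings.append("explicitly disabled ACL returned: " + name)
    # Assumption: anything not requested should not be in the resulting set.
    for name in sorted(returned - enabled - disabled):
        findings.append("unrequested ACL returned: " + name)
    for name in sorted(enabled - returned):
        findings.append("requested ACL missing: " + name)
    return findings


if __name__ == "__main__":
    for label, text in (("thread", THREAD_RESPONSE), ("constructed", CONSTRUCTED_OK_RESPONSE)):
        print(label, audit_setacls(THREAD_ARGS, text) or "OK")
```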