appconfig user and Cpanel::Config::LoadConfig permission warnings
I created a plugin with acls=all and user=limitedUser.
Everything works fine, but plugin generates lots of warnings in the error log:
index.cgi, line 17:
As i understand, plugin is running under my limited user and has no rights to read cPanel config file and to check ACLS. Any hints how to fix this? Thanks. p.s. L've got a developer license.
[2013-12-12 18:48:34 +0400] warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: Permission denied at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210
Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160
Cpanel::Config::LoadCpConf::loadcpconf(HASH(0x1a0b5708)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 51
Cpanel::Config::LoadCpConf::_load_locked(HASH(0x1b16e3d8)) called at /usr/local/cpanel/Cpanel/Config/CpConfGuard.pm line 28
Cpanel::Config::CpConfGuard::new('Cpanel::Config::CpConfGuard') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253
Cpanel::Config::ConfigObj::Driver::Attracta::_check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498), 'cpanel_config_enabled') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 243
Cpanel::Config::ConfigObj::Driver::Attracta::check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498)) called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 410
Cpanel::LicenseComponent::check_component(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 150
Cpanel::LicenseComponent::get_component_configured_status(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Whostmgr/ACLS.pm line 219
Whostmgr::ACLS::get_dynamic_acl_lists() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 243
Whostmgr::ACLS::dynamic_acl_update() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 150
Whostmgr::ACLS::init_acls() called at /usr/local/cpanel/whostmgr/docroot/myPlugin/index.cgi line 17
index.cgi, line 17:
Whostmgr::ACLS::init_acls();
if (!Whostmgr::ACLS::hasroot())
{
print 'Access denied';
exit;
}
As i understand, plugin is running under my limited user and has no rights to read cPanel config file and to check ACLS. Any hints how to fix this? Thanks. p.s. L've got a developer license.
-
/var/cpanel/cpanel.config is 644 so it should be able to be read by any user: # ls -la /var/cpanel/cpanel.config -rw-r--r-- 1 root wheel 6131 Nov 7 13:35 /var/cpanel/cpanel.config
The error points to /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210. In that module, you'll see that the code is trying to open the file as either 'rw' or 'r' depending on whether or not $arg_ref->{'rw'} is set:my $conflock = Cpanel::SafeFile::safeopen( $conf_fh, ( $arg_ref->{'rw'} ? '+<' : '<' ), $file ) or do { require Cpanel::Logger; Cpanel::Logger::cplog( "Unable to open $file: $!", 'warn', __PACK AGE__ ); return; };
Unfortunately, we don't see the hash values passed to loadConfig in this error: Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160 We do know that the last HASH is $arg_ref from the function's definition:sub loadConfig { my ( $file, $conf_ref, $delimiter, $comment, $regexp_to_preprune, $allow_undef_values, $arg_ref ) = @_;
So, we have to look at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160 which gives us:my ( $ref, $fh, $conflock ) = Cpanel::Config::LoadConfig::loadConfig( $cpanel_config_file, \%defaults, undef, undef, undef, 1, { 'nocache' => 1, 'keep_locked_open' => 1, 'rw' => $load_opts_ref->{'rw'} }, );
In this case, whether or not to load the file 'rw' is controlled by $load_opts_ref->{'rw'}; $load_opts_ref is passed to loadcpconf():sub loadcpconf { my ($load_opts_ref) = @_;
Then going to the next call, we see it is for _load_locked() in vi /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm.sub _load_locked { my ($load_opts_ref) = @_; my %opts = $load_opts_ref ? %$load_opts_ref : (); $opts{'keep_locked_open'} = 1; $opts{'rw'} = 1; my ( $fh, $lock_fh, $cpconf ) = loadcpconf( \%opts );
So, in every case, _load_locked() is going to try to open the file 'rw' but only root has 'rw' permissions so this appears to be 2 bugs. First, $opts{'rw'} is not configurable in _load_locked() but resellers don't have 'rw' access to /var/cpanel/cpanel.config. Second, the plugin driver will need to be extended to pass options to CpConfGuard when creating the object: /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253:my $cpconf = Cpanel::Config::CpConfGuard->new();
Furthermore, it's unclear as to why your plugin would use the driver for Attracta.0 -
Thank you very much for your detailed answer. It seems strange, but i never installed nor used Attracta and i even don't know how to use such driver in my code. 0 -
I'd imagine that cPanel wrote the first AppConfig driver for the Attracta integration and then it got hard-coded into the system before they decided to make it a public system for all 3rd party integrations. You may want to email the integration team about this and/or submit a ticket so they can get some cases opened about all these issues. 0 -
[quote="KostonConsulting, post: 1528702">I'd imagine that cPanel wrote the first AppConfig driver for the Attracta integration and then it got hard-coded into the system before they decided to make it a public system for all 3rd party integrations. You may want to email the integration team about this and/or submit a ticket so they can get some cases opened about all these issues.
Ticket system registration is broken, so i dropped a letter to integration@. Let's see what they say.0 -
[quote="rustyhex2, post: 1531232">Ticket system registration is broken, so i dropped a letter to integration@. Let's see what they say.
We are not currently aware of any problem with registering in the ticket system, but if there is a problem, we need to fix it. What error message did you get when you tried to register to submit a ticket?0 -
[quote="cPanelJared, post: 1533812">We are not currently aware of any problem with registering in the ticket system, but if there is a problem, we need to fix it. What error message did you get when you tried to register to submit a ticket?
I reported every bug i found via email. Now it's working.0
Please sign in to leave a comment.
Comments
6 comments