privilege escalation in hook
I have a hook in the HTTP domain log parse, and I followed the same example used in the doc:
Guide to Standardized Hooks - Privilege Escalation - Software Development Kit - cPanel Documentation
Exact command used to register the hook:
/usr/local/cpanel/bin/manage_hooks add script /var/cpanel/myapp/do_extra.php --manual --category Stats --event RunUser --stage pre --exectype script --escalateprivs
[~]# cat /usr/local/cpanel/3rdparty/bin/reload_nginx.sh
#!/bin/bash
/usr/sbin/nginx -s reload
echo '1 nginX::reloaded'
But on running runweblogs I get the following error:
info [cpanellogd] A script hook attempted to escalate privileges when escalation was not permitted in Stats::RunUser with the script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh
What am I doing wrong?
Sorry, the exact command to register the hook was:
[~]# /usr/local/cpanel/bin/manage_hooks add script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh --manual --category Stats --event RunUser --stage post --exectype script --escalateprivs
I think the example you people have given in Guide to Standardized Hooks - Privilege Escalation - Software Development Kit - cPanel Documentation is itself wrong:
"Examples: HTTP domain logs are parsed as the cPanel account that owns the domain. In this example, the /var/cpanel/myapp/do_extra.pl script will run as the root user immediately before the HTTP domain logs parse"
Because in Guide to Standardized Hooks - Stats Functions - Software Development Kit - cPanel Documentation, the Escalate Privileges Attribute is set with a red X mark. That means privilege escalation won't work for RunUser, which the example contradicts. Please confirm.
Hello :) Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
Hello, I filed case DOC-6832 to get the documentation clarified. Thank you.