addservlets broken due to SafeRun

tizoo

Well-Known Member
Jan 6, 2004
75
3
158
cPanel Access Level
DataCenter Provider
CLOUDLINUX 6.9 standard [xxx] v68.0.25

Hello,

Since some weeks or months, each time we add servlets support to a domain, we have to add the configuration by hand in the server.xml Tomcat configuration file.

It seems the problem is due to SafeRun. Here is the output of the commande :

Code:
# /scripts/addservlets --domain=example.com
Scanning userdata...
[2018-01-15 18:42:57 +0100] die [Internal Death while parsing [stdin] 191708] Cpanel::SafeRun::Simple prevents accidental execution of a shell.  If you intended to execute a shell use saferun(/bin/sh,-c,grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata) at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
   Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
   Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
 at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
   Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
   Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47

[A fatal error or timeout occurred while processing this directive.]

Cpanel::SafeRun::Simple prevents accidental execution of a shell.  If you intended to execute a shell use saferun(/bin/sh,-c,grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata) at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
   Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
   Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
Done: .jsp support installed for example.com
Is there a way to fix that ?

Thanks in advance for any tips.

Best,
Philippe
 

tizoo

Well-Known Member
Jan 6, 2004
75
3
158
cPanel Access Level
DataCenter Provider
Hi Jacob,

Thanks for your answer but I fear the new EA3 3.34.20 doesn't fix the problem.

I updated EA3 through WHM (Home >> Software >> EasyApache3 and it automatically check for the last version). But this update doesn't change the script that make the error (/usr/local/easy/sbin/easy-tomcat7-gentomcatlist2).

If that helps, we used the following patch to fix the problem :

Code:
diff -Naur a/easy-tomcat7-gentomcatlist2 b/easy-tomcat7-gentomcatlist2
--- a/easy-tomcat7-gentomcatlist2    2018-01-16 08:11:04.882235872 +0100
+++ b/easy-tomcat7-gentomcatlist2    2018-01-16 08:14:26.001891764 +0100
@@ -47,7 +47,7 @@
 my %domain_owners;
 my $server_aliases = {};
 
-my @lines = Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
+my @lines = Cpanel::SafeRun::Errors::saferunallerrors("/bin/sh", "-c", "grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
 for my $line (@lines) {
     next unless $line =~ /cp_jkmount\.conf: 1/;    # Strip out any stderr lines
     $line =~ s/\:.*//;
Best,
Philippe
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
Hi Jacob,

Thanks for your answer but I fear the new EA3 3.34.20 doesn't fix the problem.

I updated EA3 through WHM (Home >> Software >> EasyApache3 and it automatically check for the last version). But this update doesn't change the script that make the error (/usr/local/easy/sbin/easy-tomcat7-gentomcatlist2).

If that helps, we used the following patch to fix the problem :

Code:
diff -Naur a/easy-tomcat7-gentomcatlist2 b/easy-tomcat7-gentomcatlist2
--- a/easy-tomcat7-gentomcatlist2    2018-01-16 08:11:04.882235872 +0100
+++ b/easy-tomcat7-gentomcatlist2    2018-01-16 08:14:26.001891764 +0100
@@ -47,7 +47,7 @@
 my %domain_owners;
 my $server_aliases = {};
 
-my @lines = Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
+my @lines = Cpanel::SafeRun::Errors::saferunallerrors("/bin/sh", "-c", "grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
 for my $line (@lines) {
     next unless $line =~ /cp_jkmount\.conf: 1/;    # Strip out any stderr lines
     $line =~ s/\:.*//;
Best,
Philippe
Hi,

Did you do a rebuild of EasyApache 3?

The automatic check for latest version that happens when you go into the EasyApache 3 UI does not update the files installed (such as the tomcat RPMs). You need to do a rebuild of your EasyApache 3 profile for those to be updated.
 

tizoo

Well-Known Member
Jan 6, 2004
75
3
158
cPanel Access Level
DataCenter Provider
Hi Kenneth,

Thank you for the tips.

Right, we didn't make a rebuild of apache/php with EA3. The reason is that each time we do it we encounter the following problems :
  • The script do a reinstall of java support for each java account and reboot tomcat each time... This make the website of our customers beeing like down for hours.
  • The cp_jkmount.conf configurations are reseted during the process. We have to make a backup before running the build to be able to restore them once done.
I don't know if the last update of EA3 also fix those bugs, for now our java servers are too loaded to let us just test.

Best regards,
Philippe