Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

addservlets broken due to SafeRun

Discussion in 'General Discussion' started by tizoo, Jan 15, 2018.

  1. tizoo

    tizoo Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    156
    CLOUDLINUX 6.9 standard [xxx] v68.0.25

    Hello,

    Since some weeks or months, each time we add servlets support to a domain, we have to add the configuration by hand in the server.xml Tomcat configuration file.

    It seems the problem is due to SafeRun. Here is the output of the commande :

    Code:
    # /scripts/addservlets --domain=example.com
    Scanning userdata...
    [2018-01-15 18:42:57 +0100] die [Internal Death while parsing [stdin] 191708] Cpanel::SafeRun::Simple prevents accidental execution of a shell.  If you intended to execute a shell use saferun(/bin/sh,-c,grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata) at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
       Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
       Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
     at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
       Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
       Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
    
    [A fatal error or timeout occurred while processing this directive.]
    
    Cpanel::SafeRun::Simple prevents accidental execution of a shell.  If you intended to execute a shell use saferun(/bin/sh,-c,grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata) at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
       Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
       Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
    Done: .jsp support installed for example.com
    Is there a way to fix that ?

    Thanks in advance for any tips.

    Best,
    Philippe
     
  2. JacobPerkins

    JacobPerkins Well-Known Member

    Joined:
    May 2, 2014
    Messages:
    619
    Likes Received:
    96
    Trophy Points:
    103
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    We fixed this in our latest EA3 builds (3.34.20), you can run a new build and things should start working again.
     
  3. tizoo

    tizoo Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    156
    Hi Jacob,

    Thanks for your answer but I fear the new EA3 3.34.20 doesn't fix the problem.

    I updated EA3 through WHM (Home >> Software >> EasyApache3 and it automatically check for the last version). But this update doesn't change the script that make the error (/usr/local/easy/sbin/easy-tomcat7-gentomcatlist2).

    If that helps, we used the following patch to fix the problem :

    Code:
    diff -Naur a/easy-tomcat7-gentomcatlist2 b/easy-tomcat7-gentomcatlist2
    --- a/easy-tomcat7-gentomcatlist2    2018-01-16 08:11:04.882235872 +0100
    +++ b/easy-tomcat7-gentomcatlist2    2018-01-16 08:14:26.001891764 +0100
    @@ -47,7 +47,7 @@
     my %domain_owners;
     my $server_aliases = {};
     
    -my @lines = Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
    +my @lines = Cpanel::SafeRun::Errors::saferunallerrors("/bin/sh", "-c", "grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
     for my $line (@lines) {
         next unless $line =~ /cp_jkmount\.conf: 1/;    # Strip out any stderr lines
         $line =~ s/\:.*//;
    
    Best,
    Philippe
     
  4. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Thanks for sharing your detailed solution. I am surprised to hear the update did not correct your issue, as I've found several tickets marked with case EAL-3181 that the update did correct the issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,561
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    Hi,

    Did you do a rebuild of EasyApache 3?

    The automatic check for latest version that happens when you go into the EasyApache 3 UI does not update the files installed (such as the tomcat RPMs). You need to do a rebuild of your EasyApache 3 profile for those to be updated.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. tizoo

    tizoo Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    156
    Hi Kenneth,

    Thank you for the tips.

    Right, we didn't make a rebuild of apache/php with EA3. The reason is that each time we do it we encounter the following problems :
    • The script do a reinstall of java support for each java account and reboot tomcat each time... This make the website of our customers beeing like down for hours.
    • The cp_jkmount.conf configurations are reseted during the process. We have to make a backup before running the build to be able to restore them once done.
    I don't know if the last update of EA3 also fix those bugs, for now our java servers are too loaded to let us just test.

    Best regards,
    Philippe
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice