The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

appconfig user and Cpanel::Config::LoadConfig permission warnings

Discussion in 'cPanel Developers' started by rustyhex2, Dec 12, 2013.

  1. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I created a plugin with acls=all and user=limitedUser.
    Everything works fine, but plugin generates lots of warnings in the error log:
    Code:
    [2013-12-12 18:48:34 +0400] warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: Permission denied at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210
        Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160
        Cpanel::Config::LoadCpConf::loadcpconf(HASH(0x1a0b5708)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 51
        Cpanel::Config::LoadCpConf::_load_locked(HASH(0x1b16e3d8)) called at /usr/local/cpanel/Cpanel/Config/CpConfGuard.pm line 28
        Cpanel::Config::CpConfGuard::new('Cpanel::Config::CpConfGuard') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253
        Cpanel::Config::ConfigObj::Driver::Attracta::_check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498), 'cpanel_config_enabled') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 243
        Cpanel::Config::ConfigObj::Driver::Attracta::check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498)) called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 410
        Cpanel::LicenseComponent::check_component(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 150
        Cpanel::LicenseComponent::get_component_configured_status(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Whostmgr/ACLS.pm line 219
        Whostmgr::ACLS::get_dynamic_acl_lists() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 243
        Whostmgr::ACLS::dynamic_acl_update() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 150
        Whostmgr::ACLS::init_acls() called at /usr/local/cpanel/whostmgr/docroot/myPlugin/index.cgi line 17
    index.cgi, line 17:
    Code:
    Whostmgr::ACLS::init_acls();
if (!Whostmgr::ACLS::hasroot())
{
   print 'Access denied';
   exit;
}
    As i understand, plugin is running under my limited user and has no rights to read cPanel config file and to check ACLS. Any hints how to fix this?
    Thanks.

    p.s. L've got a developer license.
     
    #1 rustyhex2, Dec 12, 2013
  2. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    /var/cpanel/cpanel.config is 644 so it should be able to be read by any user:

    Code:
    # ls -la /var/cpanel/cpanel.config
-rw-r--r-- 1 root wheel 6131 Nov  7 13:35 /var/cpanel/cpanel.config
    The error points to /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210.

    In that module, you'll see that the code is trying to open the file as either 'rw' or 'r' depending on whether or not $arg_ref->{'rw'} is set:

    Code:
    my $conflock = Cpanel::SafeFile::safeopen( $conf_fh, ( $arg_ref->{'rw'} ? '+<' : '<' ), $file ) or do {
    require Cpanel::Logger;
    Cpanel::Logger::cplog( "Unable to open $file: $!", 'warn', __PACK        AGE__ );
    return;
};
    Unfortunately, we don't see the hash values passed to loadConfig in this error:

    Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160

    We do know that the last HASH is $arg_ref from the function's definition:

    Code:
    sub loadConfig {
     my ( $file, $conf_ref, $delimiter, $comment, $regexp_to_preprune, $allow_undef_values, $arg_ref ) = @_;

    So, we have to look at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160 which gives us:

    Code:
    my ( $ref, $fh, $conflock ) = Cpanel::Config::LoadConfig::loadConfig(
    $cpanel_config_file, \%defaults,
    undef, undef, undef, 1, { 'nocache' => 1, 'keep_locked_open' => 1, 'rw' => $load_opts_ref->{'rw'} },
);
    In this case, whether or not to load the file 'rw' is controlled by $load_opts_ref->{'rw'}; $load_opts_ref is passed to loadcpconf():

    Code:
    sub loadcpconf {
    my ($load_opts_ref) = @_;
    Then going to the next call, we see it is for _load_locked() in vi /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm.

    Code:
    sub _load_locked {
    my ($load_opts_ref) = @_;

    my %opts = $load_opts_ref ? %$load_opts_ref : ();
    $opts{'keep_locked_open'} = 1;
    $opts{'rw'}               = 1;

    my ( $fh, $lock_fh, $cpconf ) = loadcpconf( \%opts );

    So, in every case, _load_locked() is going to try to open the file 'rw' but only root has 'rw' permissions so this appears to be 2 bugs. First, $opts{'rw'} is not configurable in _load_locked() but resellers don't have 'rw' access to /var/cpanel/cpanel.config. Second, the plugin driver will need to be extended to pass options to CpConfGuard when creating the object:

    /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253:

    Code:
    my $cpconf = Cpanel::Config::CpConfGuard->new();
    Furthermore, it's unclear as to why your plugin would use the driver for Attracta.
     
    #2 KostonConsulting, Dec 13, 2013
  3. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you very much for your detailed answer. It seems strange, but i never installed nor used Attracta and i even don't know how to use such driver in my code.
     
    #3 rustyhex2, Dec 13, 2013
  4. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    I'd imagine that cPanel wrote the first AppConfig driver for the Attracta integration and then it got hard-coded into the system before they decided to make it a public system for all 3rd party integrations. You may want to email the integration team about this and/or submit a ticket so they can get some cases opened about all these issues.
     
    #4 KostonConsulting, Dec 13, 2013
  5. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ticket system registration is broken, so i dropped a letter to integration@. Let's see what they say.
     
    #5 rustyhex2, Dec 17, 2013
    Last edited by a moderator: Dec 17, 2013
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,841
    Likes Received:
    19
    Trophy Points:
    143
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    We are not currently aware of any problem with registering in the ticket system, but if there is a problem, we need to fix it. What error message did you get when you tried to register to submit a ticket?
     
    #6 cPanelJared, Dec 19, 2013
  7. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I reported every bug i found via email. Now it's working.
     
    #7 rustyhex2, Dec 23, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - appconfig user Cpanel
  1. Glyn Szasz

    WHM Login Apps Managed by AppConfig page

    Glyn Szasz, Oct 17, 2016, in forum: User Experience
    Replies:
    3
    Views:
    261
    Infopro
    Oct 18, 2016
  2. Jeff P.

    CSF & Logview no show in WHM Due to Appconfig Malfunction

    Jeff P., Feb 2, 2016, in forum: General Discussion
    Replies:
    11
    Views:
    688
    xisn
    Jan 26, 2017
  3. George23

    How to configure a filter for blind copy from one domain user to another one?

    George23, Jun 28, 2017 at 3:18 PM, in forum: E-mail Discussions
    Replies:
    1
    Views:
    23
    cPanelMichael
    Jun 29, 2017 at 8:46 AM
  4. Maor Bar

    SOLVED Add Users to Sudoers File

    Maor Bar, Jun 28, 2017 at 3:16 AM, in forum: General Discussion
    Replies:
    2
    Views:
    36
    Maor Bar
    Jun 29, 2017 at 1:53 AM
  5. Souther

    MySQL Profiles: user app migration to using remote server

    Souther, Jun 21, 2017, in forum: Database Discussions
    Replies:
    6
    Views:
    74
    Souther
    Jun 22, 2017

Share This Page