Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

appconfig user and Cpanel::Config::LoadConfig permission warnings

Discussion in 'cPanel Developers' started by rustyhex2, Dec 12, 2013.

  1. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I created a plugin with acls=all and user=limitedUser.
    Everything works fine, but plugin generates lots of warnings in the error log:
    Code:
    [2013-12-12 18:48:34 +0400] warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: Permission denied at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210
        Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160
        Cpanel::Config::LoadCpConf::loadcpconf(HASH(0x1a0b5708)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 51
        Cpanel::Config::LoadCpConf::_load_locked(HASH(0x1b16e3d8)) called at /usr/local/cpanel/Cpanel/Config/CpConfGuard.pm line 28
        Cpanel::Config::CpConfGuard::new('Cpanel::Config::CpConfGuard') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253
        Cpanel::Config::ConfigObj::Driver::Attracta::_check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498), 'cpanel_config_enabled') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 243
        Cpanel::Config::ConfigObj::Driver::Attracta::check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498)) called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 410
        Cpanel::LicenseComponent::check_component(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 150
        Cpanel::LicenseComponent::get_component_configured_status(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Whostmgr/ACLS.pm line 219
        Whostmgr::ACLS::get_dynamic_acl_lists() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 243
        Whostmgr::ACLS::dynamic_acl_update() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 150
        Whostmgr::ACLS::init_acls() called at /usr/local/cpanel/whostmgr/docroot/myPlugin/index.cgi line 17
    index.cgi, line 17:
    Code:
    Whostmgr::ACLS::init_acls();
if (!Whostmgr::ACLS::hasroot())
{
   print 'Access denied';
   exit;
}
    As i understand, plugin is running under my limited user and has no rights to read cPanel config file and to check ACLS. Any hints how to fix this?
    Thanks.

    p.s. L've got a developer license.
     
    #1 rustyhex2, Dec 12, 2013
  2. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    /var/cpanel/cpanel.config is 644 so it should be able to be read by any user:

    Code:
    # ls -la /var/cpanel/cpanel.config
-rw-r--r-- 1 root wheel 6131 Nov  7 13:35 /var/cpanel/cpanel.config
    The error points to /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210.

    In that module, you'll see that the code is trying to open the file as either 'rw' or 'r' depending on whether or not $arg_ref->{'rw'} is set:

    Code:
    my $conflock = Cpanel::SafeFile::safeopen( $conf_fh, ( $arg_ref->{'rw'} ? '+<' : '<' ), $file ) or do {
    require Cpanel::Logger;
    Cpanel::Logger::cplog( "Unable to open $file: $!", 'warn', __PACK        AGE__ );
    return;
};
    Unfortunately, we don't see the hash values passed to loadConfig in this error:

    Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160

    We do know that the last HASH is $arg_ref from the function's definition:

    Code:
    sub loadConfig {
     my ( $file, $conf_ref, $delimiter, $comment, $regexp_to_preprune, $allow_undef_values, $arg_ref ) = @_;

    So, we have to look at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160 which gives us:

    Code:
    my ( $ref, $fh, $conflock ) = Cpanel::Config::LoadConfig::loadConfig(
    $cpanel_config_file, \%defaults,
    undef, undef, undef, 1, { 'nocache' => 1, 'keep_locked_open' => 1, 'rw' => $load_opts_ref->{'rw'} },
);
    In this case, whether or not to load the file 'rw' is controlled by $load_opts_ref->{'rw'}; $load_opts_ref is passed to loadcpconf():

    Code:
    sub loadcpconf {
    my ($load_opts_ref) = @_;
    Then going to the next call, we see it is for _load_locked() in vi /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm.

    Code:
    sub _load_locked {
    my ($load_opts_ref) = @_;

    my %opts = $load_opts_ref ? %$load_opts_ref : ();
    $opts{'keep_locked_open'} = 1;
    $opts{'rw'}               = 1;

    my ( $fh, $lock_fh, $cpconf ) = loadcpconf( \%opts );

    So, in every case, _load_locked() is going to try to open the file 'rw' but only root has 'rw' permissions so this appears to be 2 bugs. First, $opts{'rw'} is not configurable in _load_locked() but resellers don't have 'rw' access to /var/cpanel/cpanel.config. Second, the plugin driver will need to be extended to pass options to CpConfGuard when creating the object:

    /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253:

    Code:
    my $cpconf = Cpanel::Config::CpConfGuard->new();
    Furthermore, it's unclear as to why your plugin would use the driver for Attracta.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 KostonConsulting, Dec 13, 2013
  3. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you very much for your detailed answer. It seems strange, but i never installed nor used Attracta and i even don't know how to use such driver in my code.
     
    #3 rustyhex2, Dec 13, 2013
  4. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    I'd imagine that cPanel wrote the first AppConfig driver for the Attracta integration and then it got hard-coded into the system before they decided to make it a public system for all 3rd party integrations. You may want to email the integration team about this and/or submit a ticket so they can get some cases opened about all these issues.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 KostonConsulting, Dec 13, 2013
  5. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ticket system registration is broken, so i dropped a letter to integration@. Let's see what they say.
     
    #5 rustyhex2, Dec 17, 2013
    Last edited by a moderator: Dec 17, 2013
  6. cPanelJared

    cPanelJared Technical Analyst

    Joined:
    Feb 25, 2010
    Messages:
    1,835
    Likes Received:
    21
    Trophy Points:
    143
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    We are not currently aware of any problem with registering in the ticket system, but if there is a problem, we need to fix it. What error message did you get when you tried to register to submit a ticket?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelJared, Dec 19, 2013
  7. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I reported every bug i found via email. Now it's working.
     
    #7 rustyhex2, Dec 23, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - appconfig user Cpanel
  1. Glyn Szasz

    WHM Login Apps Managed by AppConfig page

    Glyn Szasz, Oct 17, 2016, in forum: User Experience
    Replies:
    3
    Views:
    685
    Infopro
    Oct 18, 2016
  2. Tamer Youssef

    Edit user's email white-list?

    Tamer Youssef, Oct 13, 2018 at 5:13 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    41
    cPanelLauren
    Oct 16, 2018 at 1:00 PM
  3. Maning

    limit user connections on mysql

    Maning, Oct 11, 2018 at 5:33 PM, in forum: Database Discussion
    Replies:
    1
    Views:
    50
    cPanelLauren
    Oct 12, 2018 at 1:04 PM
  4. William Nkum

    Users can not receive mail

    William Nkum, Oct 10, 2018, in forum: E-mail Discussion
    Replies:
    4
    Views:
    72
    keat63
    Oct 11, 2018 at 4:19 AM
  5. adamreece.webbox

    SSHD fails with AuthorizedKeysCommandUser unknown error

    adamreece.webbox, Oct 10, 2018, in forum: Security
    Replies:
    3
    Views:
    83
    cPanelLauren
    Oct 11, 2018 at 11:29 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice