The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

appconfig user and Cpanel::Config::LoadConfig permission warnings

Discussion in 'cPanel Developers' started by rustyhex2, Dec 12, 2013.

  1. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I created a plugin with acls=all and user=limitedUser.
    Everything works fine, but plugin generates lots of warnings in the error log:
    Code:
    [2013-12-12 18:48:34 +0400] warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: Permission denied at /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210
            Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160
            Cpanel::Config::LoadCpConf::loadcpconf(HASH(0x1a0b5708)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 51
            Cpanel::Config::LoadCpConf::_load_locked(HASH(0x1b16e3d8)) called at /usr/local/cpanel/Cpanel/Config/CpConfGuard.pm line 28
            Cpanel::Config::CpConfGuard::new('Cpanel::Config::CpConfGuard') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253
            Cpanel::Config::ConfigObj::Driver::Attracta::_check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498), 'cpanel_config_enabled') called at /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 243
            Cpanel::Config::ConfigObj::Driver::Attracta::check(Cpanel::Config::ConfigObj::Driver::Attracta=HASH(0x1b16e498)) called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 410
            Cpanel::LicenseComponent::check_component(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Cpanel/LicenseComponent.pm line 150
            Cpanel::LicenseComponent::get_component_configured_status(Cpanel::LicenseComponent=HASH(0x1af1b030), 'attracta') called at /usr/local/cpanel/Whostmgr/ACLS.pm line 219
            Whostmgr::ACLS::get_dynamic_acl_lists() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 243
            Whostmgr::ACLS::dynamic_acl_update() called at /usr/local/cpanel/Whostmgr/ACLS.pm line 150
            Whostmgr::ACLS::init_acls() called at /usr/local/cpanel/whostmgr/docroot/myPlugin/index.cgi line 17
    
    index.cgi, line 17:
    Code:
    Whostmgr::ACLS::init_acls();
    if (!Whostmgr::ACLS::hasroot())
    {
       print 'Access denied';
       exit;
    } 
    
    As i understand, plugin is running under my limited user and has no rights to read cPanel config file and to check ACLS. Any hints how to fix this?
    Thanks.

    p.s. L've got a developer license.
     
  2. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    /var/cpanel/cpanel.config is 644 so it should be able to be read by any user:

    Code:
    # ls -la /var/cpanel/cpanel.config
    -rw-r--r-- 1 root wheel 6131 Nov  7 13:35 /var/cpanel/cpanel.config
    
    The error points to /usr/local/cpanel/Cpanel/Config/LoadConfig.pm line 210.

    In that module, you'll see that the code is trying to open the file as either 'rw' or 'r' depending on whether or not $arg_ref->{'rw'} is set:

    Code:
    my $conflock = Cpanel::SafeFile::safeopen( $conf_fh, ( $arg_ref->{'rw'} ? '+<' : '<' ), $file ) or do {
        require Cpanel::Logger;
        Cpanel::Logger::cplog( "Unable to open $file: $!", 'warn', __PACK        AGE__ );
        return;
    };
    
    Unfortunately, we don't see the hash values passed to loadConfig in this error:

    Cpanel::Config::LoadConfig::loadConfig('/var/cpanel/cpanel.config', HASH(0x1b16e948), undef, undef, undef, 1, HASH(0x1b16eb28)) called at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160

    We do know that the last HASH is $arg_ref from the function's definition:

    Code:
    sub loadConfig {
         my ( $file, $conf_ref, $delimiter, $comment, $regexp_to_preprune, $allow_undef_values, $arg_ref ) = @_;
    

    So, we have to look at /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm line 160 which gives us:

    Code:
    my ( $ref, $fh, $conflock ) = Cpanel::Config::LoadConfig::loadConfig(
        $cpanel_config_file, \%defaults,
        undef, undef, undef, 1, { 'nocache' => 1, 'keep_locked_open' => 1, 'rw' => $load_opts_ref->{'rw'} },
    );
    
    In this case, whether or not to load the file 'rw' is controlled by $load_opts_ref->{'rw'}; $load_opts_ref is passed to loadcpconf():

    Code:
    sub loadcpconf {
        my ($load_opts_ref) = @_;
    
    Then going to the next call, we see it is for _load_locked() in vi /usr/local/cpanel/Cpanel/Config/LoadCpConf.pm.

    Code:
    sub _load_locked {
        my ($load_opts_ref) = @_;
    
        my %opts = $load_opts_ref ? %$load_opts_ref : ();
        $opts{'keep_locked_open'} = 1;
        $opts{'rw'}               = 1;
    
        my ( $fh, $lock_fh, $cpconf ) = loadcpconf( \%opts );
    

    So, in every case, _load_locked() is going to try to open the file 'rw' but only root has 'rw' permissions so this appears to be 2 bugs. First, $opts{'rw'} is not configurable in _load_locked() but resellers don't have 'rw' access to /var/cpanel/cpanel.config. Second, the plugin driver will need to be extended to pass options to CpConfGuard when creating the object:

    /usr/local/cpanel/Cpanel/Config/ConfigObj/Driver/Attracta.pm line 253:

    Code:
    my $cpconf = Cpanel::Config::CpConfGuard->new();
    
    Furthermore, it's unclear as to why your plugin would use the driver for Attracta.
     
  3. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you very much for your detailed answer. It seems strange, but i never installed nor used Attracta and i even don't know how to use such driver in my code.
     
  4. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    I'd imagine that cPanel wrote the first AppConfig driver for the Attracta integration and then it got hard-coded into the system before they decided to make it a public system for all 3rd party integrations. You may want to email the integration team about this and/or submit a ticket so they can get some cases opened about all these issues.
     
  5. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ticket system registration is broken, so i dropped a letter to integration@. Let's see what they say.
     
    #5 rustyhex2, Dec 17, 2013
    Last edited by a moderator: Dec 17, 2013
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    We are not currently aware of any problem with registering in the ticket system, but if there is a problem, we need to fix it. What error message did you get when you tried to register to submit a ticket?
     
  7. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I reported every bug i found via email. Now it's working.
     
Loading...

Share This Page