Best practice to launch root script from cPanel plugin

[a_guy]

Howdy,

I'm writing a cPanel plugin that needs to trigger a script that runs as root (and a two parameters are sent to the script).

I don't want to run the whole plugin with escalated privileges for obvious reasons.
I'm not keen on adding the script to sudoers to always run as root either (though looks like a simple and ~secure way).

Ideally I would be able to define custom a hook and trigger the hook from the cPanel plugin and have a script that listens to hook on the other end.
I don't think I can define custom hooks, at least I didn't find this in docs.

Other ideas also cross my mind: use some file watcher based on inotify and trigger when the script when a file is created in any of the cPanel accounts.
Or some sort of dbus communication, maybe a queue, but RabbitMQ sounds like an overkill.
Some cron to check file created: old school and adds delay.

So, before reinventing the wheel, I thought I'd ask how are you folks doing this?
What would be a lite and secure way to launch script as root from regular cPanel user plugin?


Thanks

 

[cPRex]

Hey there! While not a dev myself, I spoke with some of our guys and they pointed me to this page that explains the privilege escalation system:

Guide to API Privilege Escalation - Developer Documentation - cPanel Documentation

documentation.cpanel.net

Specifically, they recommended exploring this method:

Guide to API Privilege Escalation - The Admin Module Method - Developer Documentation - cPanel Documentation

documentation.cpanel.net

Let me know if that helps!

 

[a_guy]

That's interesting. Thanks.

I was hoping to get away with PHP (or, even better, Python), but I better learn PERL then.