can user COMMON cPanel connect to API ?

[000]

from API Tokens in WHM · cPanel & WHM Developer Portal we get this code:

<?PHP
$user = "root";
$token = "MYAPITOKEN";

$query = "https://127.0.0.1:2087/json-api/listaccts?api.version=1";

$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);

$header[0] = "Authorization: whm $user:$token";
curl_setopt($curl,CURLOPT_HTTPHEADER,$header);
curl_setopt($curl, CURLOPT_URL, $query);

$result = curl_exec($curl);

$http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($http_status != 200) {
    echo "[!] Error: " . $http_status . " returned\n";
} else {
    $json = json_decode($result);
    echo "[+] Current cPanel users on the system:\n";
    foreach ($json->{'data'}->{'acct'} as $userdetails) {
        echo "\t" . $userdetails->{'user'} . "\n";
    }
}

curl_close($curl);

documentation in API Tokens in WHM · cPanel & WHM Developer Portal say: " Specify either the root user or a reseller user in line 2. "

but: is possible allow execute ONLY THIS COMMAND:



to users NOT reseller ?

my target is execute the command

su - $COMMON_USER_cPanel -s /bin/bash -c 'ubic restart ea-tomcat85'

but just $COMMON_USER_cPanel
not is reseller.

is possible?

 

[cPRex]

Hey there! The token system there is specifically for the WHMAPI commands, which would not be available to standard users. Only root and resellers with WHM access would be able to run those commands as WHM access is required, either directly through a session or through the token.

 

[000]

master @cPRex then how is possible

su - $COMMON_USER_cPanel -s /bin/bash -c 'ubic restart ea-tomcat85'

restart TomCat from X.php ??

 

[cPRex]

In the Tomcat guide at Tomcat 8 and EasyApache Setup Guide, step 4 is where the root user grants access to the cPanel user to run the ubic process.

 

[000]

sure!,
ROOT give access to RUBIC.

After,
how from "any.php" can user $COMMON_USER_cPanel restart TC ?

yes,
he can login into SHELL, but the target is doit using API interface or "file.php"

 

[cPRex]

I'm not completely sure I'm following where this is going. You're saying you want to have a user be able to execute the PHP code to restart the service? I don't believe that would work either, as the PHP would be executed as either the cPanel user or Apache, and not the user with enough permissions to perform the service restart with the token.

 

[000]

I'm not completely sure I'm following where this is going. You're saying you want to have a user be able to execute the PHP code to restart the service? I don't believe that would work either, as the PHP would be executed as either the cPanel user or Apache, and not the user with enough permissions to perform the service restart with the token.

yes master,
the idea is: "user cPanel with TC enable, restart TomCat" WITHOUT use SHELL

that is all, and this user NOT is reseller

 

[cPRex]

There isn't going to be a way to do that - if that were possible, that would open up major security risks to the system.

 

[000]

then how USERX can restart TC without access to SHELL ?

 

[cPRex]

I currently don't have a good way to do that - shell access is listed as a requirement for the Tomcat and ubic tools:

How does a user start/stop their Tomcat installation?

Question Is it possible for a user to start/stop their Tomcat installation, or to check its status? Answer Yes. Part of the Tomcat installation is setting up different instances for each user tha...

support.cpanel.net

 

[000]

I currently don't have a good way to do that - shell access is listed as a requirement for the Tomcat and ubic tools:

How does a user start/stop their Tomcat installation?

Question Is it possible for a user to start/stop their Tomcat installation, or to check its status? Answer Yes. Part of the Tomcat installation is setting up different instances for each user tha...

support.cpanel.net

Thanks master @cPRex, good details,
however: is possible WITHOUT final user use shell ?

 

[cPRex]

There is currently not a way to do that without shell access.

 

[000]

There is currently not a way to do that without shell access.

and is possible as RESELLER user using API ?

 

[cPRex]

Yes, a reseller would have access to the whmapi.

 

[000]

Yes

thanks.

Which is the command for a USER RESELLER restart TC ?

 

[cPRex]

I believe there is some confusion about the Tomcat and ubic processes. The ubic commands outlined in the guide should only be run as the user, as they are restarting their specific Tomcat application instance. Any actions performed by root or a reseller would be restarting the service for the entire machine, which is a bit different process.

 

[000]

yes master,
the focus is restart only TomCat without use SHELL

how doit ?

 

[cPRex]

There isn't a way to do that, as each Tomcat instance is linked with the user, which would also need shell access. Here is an excerpt from Introduction to Tomcat | cPanel & WHM Documentation

"In EasyApache 4, Tomcat runs as a per-user private instance and allows the user to configure their instance themselves. Tomcat runs as the individual user, rather than as the tomcat user. This increases security and places management of the Tomcat instance in the user’s control, but may affect your server’s performance due to the memory requirements."

There is not a global restart command for a global Tomcat process, because such a process does not exist.

 

[000]

thanks by your time master @cPRex