Changing permissions on WHM addon modules

[internetfab]

Hi!

Tried changing permission on munin addon, so that reseller (managed server, where owner has reseller privs and we have root) may be able to see stats.

#!/usr/bin/perl
# cpanel - addon_munin.cgi                        Copyright(c) 2011 cPanel, Inc.
#                                                           All rights Reserved.
# [email protected]                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
#WHMADDON:munin:Munin Service Monitor

BEGIN { unshift @INC, '/usr/local/cpanel'; }

my $security_token = $ENV{'cp_security_token'} || '';

print "Location: $security_token/munin/index.html\r\n\r\n";

Shouldn't this work out of the box? What am I missing?

Getting "Sorry, only root may view munin stats." when visiting /munin/index.html as a reseller.

 

[cPanelDavidN]

Hi internetfab,

You're not missing anything. If you remove

#ACLS:all

the plugin link will appear in the left sidebar

and remove

if ( !Whostmgr::ACLS::hasroot() ) {
    print "Content-type: text/html\r\n\r\n";
    print "Access Denied: You do not have permission to view Munin stats.\n";
    exit;
}

the plugin cgi script will continue and load the munin/index.html

...However, after some research, it would appear that there is a hardcoded check for munin served pages in the binaries. A reseller must have the "all root" privilege in order to clear the check. I imagine the check is done simply, if not specifically, to stop information disclosure.

The only way around the issue would be (I presume) if you mutated the munin plugin files/dir such that all references to munin were removed from the file/dir names; ie `mv docroot/munin docroot/moonin` or something like that. I cannot recommend doing this, but if you HAD to, that would be the first thing to try.

Best Regards,
-DavidN