cPanel addons - php script is being executed under logged user rights


Active Member
Jan 23, 2007

I'm writing some plugin in PHP for cPanel. Faced with the problem of publicly available php sources in x3 directory, as the script must have world-wide readable chmod.
So, every user can read the source with, e.g., shell script.
This makes no sense in developing scripts connected directly with system: I can't use any logins/passwords, as users can see them in a source, I can't edit files, owned by root, as script executes under logged user.
Thus, we have a very strict set of functions we can use...

I need to let single users to edit files, owned by root, but not writeable by others. I understand, I can queue the corrections in some 777 folder, and watch it with some daemon under root, but the solution isn't acceptable, as, again, any user can edit his own queue file, thereby he can bypass necessary checks...

Turns out a vicious circle...
Any ideas are appreciated..


Well-Known Member
Staff member
Dec 17, 2009
Houston, TX
cPanel Access Level
Root Administrator

Could you give a specific example? In most cases, I would think that having a cPanel user account modifying files belong to root is either a) the wrong approach to solving the problem or b) the only solution that is not worth the risk. I could be very wrong concerning your situation -- a more concrete example would help illustrate the functionality you desire and possible illuminate a valid path to achieving it.

Are you making a cPanel Plugin or a cPAddon?



Active Member
May 27, 2008
This is typically resolved by putting the stuff you don't want everyone to see in a directory which is not accessible via the web, and include it from the script itself.

Regular cpanel users can't put stuff under the x3 theme in order to turn a script into PHP shell, typically.


Well-Known Member
Apr 29, 2005
Houston, TX
cPanel Access Level
Root Administrator
I completely understand your problem, and we are looking into it.

One solution would be to have a setuid script for executing the root perms. This would of course have to ensure that the user has the rights to perform the action in question. We do this all over the place in cPanel :)