The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel Plugin to access configuration files, with web server's user?

Discussion in 'cPanel Developers' started by yclian, Jul 8, 2010.

  1. yclian

    yclian Registered

    Joined:
    May 31, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi there,

    I have a YAML file that contains OAuth consumer key and secret, they're placed at /var/cpanel/xxx. This file is generated by the administrator via WHM and a user shall not have access to it except the admin and the web server's user.

    The user (say 'luser') accesses to the plugin via /frontend/x3/xxx/index.phpcp, and I just realized that it will be running under the permission of 'luser' instead of the web server.

    Is there any way I can grant access to the web server (I suppose cPanel runs Apache as 'root') and to use that credential to perform something in a plugin?

    Thanks.
     
  2. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Well, just for the sake of semantics, cpanel uses it's own webserver - cpsrvd.

    This runs as it's user. The best way to handle this sort of interaction is to make the file owned root:usergroup. This will allow both users and root to access the file.

    Or you could just own the file to the user all together (root can handle it either way).

    Your other option is to create a setuid binary that can retrieve that information using checks to ensure the correct user is calling it.
     
  3. dreas

    dreas Active Member

    Joined:
    Nov 19, 2008
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Amsterdam, The Netherlands
    Are you able to provide an example program for this? This cPanel design is causing us a lot of trouble as well.
     
  4. dreas

    dreas Active Member

    Joined:
    Nov 19, 2008
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Amsterdam, The Netherlands
    Actually could we write this program simply in PHP, and make it executable (but not readable) by world? And then the PHP script would verify if the action is allowed for the specific user/domain? Or does this have to be some C binary?
     
  5. dreas

    dreas Active Member

    Joined:
    Nov 19, 2008
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Amsterdam, The Netherlands
    It has to be a binary. The (PHP) interpreter cannot execute the file without having read access.
     
Loading...

Share This Page