SOLVED Creating database from shell script

[KrasniyRus]

Hello,

I am trying to create database, user and grant all privileges to the user over the database from command line via Shell script, my script code is below:

#!/bin/bash

for i in `stat -c "%U" .`; do echo "The cPanel username is" $i ;done

cpprefix=$(uapi --user="$i" Mysql get_restrictions --output=json | sed -e 's/^.*"prefix":"\([^"]*\)".*$/\1/');
rndm=`shuf -i 100-999 -n 1`;
password=`date +%s | sha256sum | base64 | head -c 12 ; echo`;
db="$cpprefix""$rndm";

uapi --user="$1" --output=json Mysql create_database name="$db"
uapi --user="$1" --output=json Mysql create_user name="$db" password="$password"
uapi --user="$1" Mysql set_privileges_on_database user="$db" database="$db" privileges=ALL%20PRIVILEGES

printf "\n\e[33m==============\e\n";
printf "\e[36mDatabase & User:\e[0m $db\n";
printf "\e[36mDatabase password:\e[0m $password\n";
printf "\e[33m==============\e[0m\n";

However the whole operation is failing with the following output:

The cPanel username is xxxxxxx
[2017-12-29 09:32:36 -0500] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 503 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxx", "Mysql", "get_restrictions", "--output=json") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 503
exit level [die] [pid=27602] (setuids failed: Attempting to setuid as a normal user with RUID 503)
Option user requires an argument
{"func":"create_database","module":"Mysql","apiversion":3,"result":{"messages":null,"errors":["The name “746” does not begin with the required prefix “xxxxxxx_”."],"metadata":{},"status":0,"data":null}}
Option user requires an argument
{"func":"create_user","module":"Mysql","apiversion":3,"result":{"data":null,"metadata":{},"messages":null,"errors":["The name “746” does not begin with the required prefix “xxxxxxx_”."],"status":0}}
Option user requires an argument
---
apiversion: 3
func: set_privileges_on_database
module: Mysql
result:
  data: ~
  errors:
    - The system user “xxxxxxx” does not control a MySQL database named “746”.
  messages: ~
  metadata: {}

  status: 0

==============
Database & User: 746
Database password: ZWE3NDg4Y2U2
==============

Please note that, I have replaced the actual cPanel username with "xxxxxxx". No matter if I am executing the script as root user (in the home directory of the "xxxxxxx" user) or as the "xxxxxxx" the output is the same.

I have used the following documentations for guidance:

• UAPI Functions - Mysql::create_database - Software Development Kit - cPanel Documentation
• UAPI Functions - Mysql::create_user - Software Development Kit - cPanel Documentation
• UAPI Functions - Mysql::set_privileges_on_database - Software Development Kit - cPanel Documentation

As well as many, many, many threads on this forum, however it seems that every time, I am in a dead end. Any ideas and/or suggestions will be very helpful, thank you!

 

[24x7server]

Hi,

DId you try to execute the comands manually that you are using in the script. Check if they work when you manually execute them..

 

[KrasniyRus]

Hey 24x7server,

Thank you for the advice, I have double checked the whole script and noticed a vital mistake:

uapi --user="$1" --output=json Mysql create_database name="$db"
uapi --user="$1" --output=json Mysql create_user name="$db" password="$password"
uapi --user="$1" Mysql set_privileges_on_database user="$db" database="$db" privileges=ALL%20PRIVILEGES

The

--user="$1"

part should be

--user="$i"

, however after this fix other issues are now available:

The cPanel username is xxxxxxxx
[2017-12-29 12:47:16 -0500] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "Mysql", "get_restrictions", "--output=json") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505
exit level [die] [pid=31403] (setuids failed: Attempting to setuid as a normal user with RUID 505)
[2017-12-29 12:47:16 -0500] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "--output=json", "Mysql", "create_database", "name=336") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505
exit level [die] [pid=31411] (setuids failed: Attempting to setuid as a normal user with RUID 505)
[2017-12-29 12:47:16 -0500] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "--output=json", "Mysql", "create_user", "name=336", "password=OTI3YTliNTdm") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505
exit level [die] [pid=31412] (setuids failed: Attempting to setuid as a normal user with RUID 505)
[2017-12-29 12:47:16 -0500] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "Mysql", "set_privileges_on_database", "user=336", "database=336", "privileges=ALL%20PRIVILEGES") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 505
exit level [die] [pid=31413] (setuids failed: Attempting to setuid as a normal user with RUID 505)

==============
Database & User: 336
Database password: OTI3YTliNTdm
==============

I have also tried your suggestion:

Hi,

DId you try to execute the comands manually that you are using in the script. Check if they work when you manually execute them..

And after the tests, I have understood that the code works, however it have to be executed with hardcoded cPanel username instead of the variable, I am trying to set with

$1

it seems this is the only part that's wrong. Could you please assist me with this or at least provide idea how to proceed further.

Note that if, I execute the code with hardcoded cPanel username, the following output messages occur:

Command:
uapi --user="xxxxxxxx" --output=json Mysql create_database name="$db"
Output:
{"result":{"errors":null,"messages":null,"status":1,"metadata":{},"data":null},"func":"create_database","apiversion":3,"module":"Mysql"

Command:
 uapi --user="xxxxxxxx" --output=json Mysql create_user name="$db" password="$password"
Output:
{"apiversion":3,"func":"create_user","module":"Mysql","result":{"errors":null,"data":null,"metadata":{},"status":1,"messages":null}}

Command:
uapi --user="xxxxxxxx" Mysql set_privileges_on_database user="$db" database="$db" privileges=ALL%20PRIVILEGES
Output:
---
apiversion: 3
func: set_privileges_on_database
module: Mysql
result:
  data: ~
  errors: ~
  messages: ~
  metadata: {}

  status: 1

However even with this output the database and the user are created and the user have all privileges over the database.

I feel really lost here . . . thank you.

 

[KrasniyRus]

Hey, I have reviewed the script more and it occur that the variable i from the for loop is not transferred to the code below. I have simply moved the "done" part of the for loop in the end of the script and everything now works properly. Thank you 24x7server for the insight!

 

[KrasniyRus]

Another problem occur! When the script is executed as root the same works perfectly. However I have created a shortcut of the script at:

/usr/local/sbin/

and named the script db, so it can be triggered only by writing db in the console it is once again executable if the user is ROOT.

On the server, I am testing this there is CloudLinux with CageFS, when I add the db shortcut to the CageFS and try to execute the script as user on the server the following output is available:

The cPanel username is xxxxxxxx
[2017-12-29 15:11:50 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "Mysql", "get_restrictions", "--output=json") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=755688] (setuids failed: Attempting to setuid as a normal user with RUID 738)
[2017-12-29 15:11:50 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "--output=json", "Mysql", "create_database", "name=113") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=755703] (setuids failed: Attempting to setuid as a normal user with RUID 738)
[2017-12-29 15:11:50 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "--output=json", "Mysql", "create_user", "name=113", "password=MDcyNWViYmQ4") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=755718] (setuids failed: Attempting to setuid as a normal user with RUID 738)
[2017-12-29 15:11:50 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "Mysql", "set_privileges_on_database", "user=113", "database=113", "privileges=ALL%20PRIVILEGES") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=755728] (setuids failed: Attempting to setuid as a normal user with RUID 738)

And no database or user are created. Note that, I have replaced the cPanel username once again with "xxxxxxxx" instead the real cPanel username. I guess that the issue is caused due to the fact that there are calls to the global server /usr/ directory according to the output above and the cPanel user do not have access to there. Is there any workaround on this if this is the issue?


Once again any insights are helpful!

 

[24x7server]

Hi,

Check the below URL and try to follow up with what has mentioned and check if the error persists:

CloudLinux Documentation

 

[KrasniyRus]

Hey, I have actually reviewed the following documentation:

CloudLinux Documentation

However the script is not executing if, I wrap the whole code inside "/bin/su - $USERNAME -c" per their documentation.

I want the CageFS to be enabled and the code to be executed. I have modified the code to the following:

#!/bin/bash

for i in `stat -c "%U" .`; do echo "The cPanel username is" $i

/bin/su - $i  -c"cpprefix=$(uapi --user="$i" Mysql get_restrictions --output=json | sed -e 's/^.*"prefix":"\([^"]*\)".*$/\1/')
rndm=`shuf -i 100-999 -n 1`
password=`date +%s | sha256sum | base64 | head -c 12 ; echo`
db="$cpprefix""$rndm"

uapi --user="$i" --output=json Mysql create_database name="$db"
uapi --user="$i" --output=json Mysql create_user name="$db" password="$password"
uapi --user="$i" Mysql set_privileges_on_database user="$db" database="$db" privileges=ALL%20PRIVILEGES"

clear

ls -la

printf "\n\e[33m=======Database details=======\e\n"
printf "\e[36mDatabase & User:\e[0m $db\n"
printf "\e[36mDatabase password:\e[0m $password\n"
printf "\e[33m=======Database details=======\e[0m\n"

done

But the following messages occur:

The cPanel username is xxxxxxxx
[2017-12-30 05:10:10 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "--output=json", "Mysql", "create_database", "name=") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=21845] (setuids failed: Attempting to setuid as a normal user with RUID 738)
[2017-12-30 05:10:10 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "--output=json", "Mysql", "create_user", "name=", "password=") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=21855] (setuids failed: Attempting to setuid as a normal user with RUID 738)
[2017-12-30 05:10:10 -0600] die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738 at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 89.
        Cpanel::AccessIds::SetUids::_log_and_die_if_not_root() called at /usr/local/cpanel/Cpanel/AccessIds/SetUids.pm line 66
        Cpanel::AccessIds::SetUids::setuids("xxxxxxxx") called at bin/apitool.pl line 83
        bin::apitool::run("--user=xxxxxxxx", "Mysql", "set_privileges_on_database", "user=", "database=", "privileges=ALL%20PRIVILEGES") called at bin/apitool.pl line 29
die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738
exit level [die] [pid=21864] (setuids failed: Attempting to setuid as a normal user with RUID 738)

As far as, I can understand with enabled CageFS and the latest change over the script code the variable $i once again is not in the scope of the script, thus the messages occur. Thank you for the CloudLinux documentation, I think we might be on the right course here!

 

[cPanelMichael]

die [uapi] setuids failed: Attempting to setuid as a normal user with RUID 738

Hello,

Could you let us know the contents of the /etc/sudoers file on this system?

Thank you.

 

[KrasniyRus]

Hello Michael,

Hello,

Could you let us know the contents of the /etc/sudoers file on this system?

Thank you.

Yes, of course! The content of the file in question is:

root@xxx [~]# cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Refuse to run if unable to disable echo on the tty.
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
root@xxxx [~]#

Thank you in advance

 

[cPanelMichael]

Hello,

I'm not seeing anything that stands out. Feel free to open a support ticket using the link in my signature and we can take a closer look.

Thank you.

 

[KrasniyRus]

It occur that the following piece of code:

 --user="$i"

Is not needed when the database is created via user. The cPanel support assist with this and now the script works properly!

Thank you!

 

[cPanelMichael]

Hello,

I'm glad to see the issue was solved. Thank you for sharing the outcome.

 

[IndicHosts.net]

It occur that the following piece of code:

 --user="$i"

Is not needed when the database is created via user. The cPanel support assist with this and now the script works properly!

Thank you!

If possible share the final working script version, TIA

 

[cPanelMichael]

If possible share the final working script version, TIA

Hi @IndicHosts.net,

As I understand, it's the exact same script, just without --user="$i" flag in the UAPI commands. Since the script already logs in as the account username, there's no need to call the user flag.

Thank you.