Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Light suspend

Discussion in 'cPanel Developers' started by bole, Apr 23, 2013.

  1. bole

    bole Registered

    Apr 23, 2013
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    DataCenter Provider
    Hi all!

    I need to create a way of "light" account suspend, meaning that users shouldn't be able to login to cPanel but their websites would be accessible. Based on /usr/local/cpanel/scripts/suspendacct I created another script where I commented out .htaccess creation and if called from cli it works. But, I need to be able to call it remotely via some API calls.

    I created /usr/local/cpanel/Cpanel/ in which I call my new script by:
    Cpanel::SafeRun::Simple::saferun('/usr/local/cpanel/scripts/lightsuspendacct', $user);

    The only problem I have is that I'm unable to call my API2 function with root privileges. Whenever I call it with cpanel_xmlapi_user=root I get = PHP Fatal error: Uncaught exception 'Exception' with message 'curl_exec threw error "SSL read: errno -12273"

    I'm using cPanel XMLAPI Client Class v1.0.13 and have no problems in calling XMLAPI calls (createacct, suspendacct, etc) or API2 calls (Park, AddonDomain, etc).

    So, my question is how I can call my "lightsuspendacct" script from outside world with root privileges or maybe, there is a more suitable way of achieving the same thing? (*)

    * - I could add my function in Accounting* files in Cpanel/ dir, but I don't see this as an appropriate way.

  2. KostonConsulting

    KostonConsulting Well-Known Member

    Jun 17, 2010
    Likes Received:
    Trophy Points:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    cpanel_xmlapi_user=root is not valid as far as I know as the API1/API2 APIs are executed under cPanel and root doesn't have a cPanel account.

    You should use strace to see exactly what's causing the SSL read error though, just to confirm.

    I'm not aware of a way to create custom XML/JSON API calls so you'll need to use privilege escalation to accomplish this if you want to do this via XML/JSON APIs:

    Privilege Escalation with cPanel API Calls

    Note: If this API can be called by a user, they could call an "unsuspend" API if you create that so you'll need some way to protect against them calling the unsuspend API.

    However, I'm not sure that the above really makes sense. Why not execute the command remotely via SSH so you don't have to deal with privilege escalation?

    Here's a sample PHP SSH command execution class:

    class ExecuteRemote
        private static $host;
        private static $username;
        private static $password;
        private static $error;
        private static $output;
        public static function setup($host, $username=NULL, $password=NULL)
            self::$host = $host;
            self::$username = $username;
            self::$password = $password;
        public static function executeScriptSSH($script)
            // Setup connection string
            $connectionString = self::$host;
            $connectionString = (empty(self::$username) ? $connectionString : self::$username.'@'.$connectionString);
            // Execute script
            $cmd = "ssh $connectionString $script 2>&1";
            self::$output['command'] = $cmd;
            exec($cmd, self::$output, self::$error);
            if (self::$error) {
                throw new Exception ("\nError sshing: ".print_r(self::$output, true));
            return self::$output;
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice