privilege escalation in hook

[gnusys]

I have a hook in the http domain log parse and I followed the same example used in the doc

Guide to Standardized Hooks - Privilege Escalation - Software Development Kit - cPanel Documentation

Exact command used to register the hook:

/usr/local/cpanel/bin/manage_hooks add script /var/cpanel/myapp/do_extra.php --manual --category Stats --event RunUser --stage pre --exectype script --escalateprivs



[~]# cat /usr/local/cpanel/3rdparty/bin/reload_nginx.sh
#!/bin/bash
/usr/sbin/nginx -s reload
echo '1 nginX::reloaded'


But on running runweblogs I get the following error


info [cpanellogd] A script hook attempted to escalate privileges when escalation was not permitted in Stats::RunUser with the script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh

What am I doing wrong?

 

[gnusys]

Sorry exact command to register hook was:

[~]# /usr/local/cpanel/bin/manage_hooks add script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh --manual --category Stats --event RunUser --stage post --exectype script --escalateprivs

 

[gnusys]

I think the example you people have given in Guide to Standardized Hooks - Privilege Escalation - Software Development Kit - cPanel Documentation

is itself wrong

Examples
HTTP domain logs are parsed as the cPanel account that owns the domain. In this example, the /var/cpanel/myapp/do_extra.pl script will run as the root user immediately before the HTTP domain logs parse

Because in Guide to Standardized Hooks - Stats Functions - Software Development Kit - cPanel Documentation

The Escalate Privileges Attribute:
is set with a red X mark . Means privilege escalation wont work for RunUser

Which the example contradicts.


Please confirm

 

[cPanelMichael]

Hello

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[cPanelKenneth]

Hello,

I filed case DOC-6832 to get the documentation clarified.

Thank you.