gnusys

Well-Known Member
Jan 18, 2013
cPanel Access Level
DataCenter Provider
I have a hook in the HTTP domain log parse, and I followed the same example used in the doc:

Guide to Standardized Hooks - Privilege Escalation - Software Development Kit - cPanel Documentation

Exact command used to register the hook:

/usr/local/cpanel/bin/manage_hooks add script /var/cpanel/myapp/do_extra.php --manual --category Stats --event RunUser --stage pre --exectype script --escalateprivs



[~]# cat /usr/local/cpanel/3rdparty/bin/reload_nginx.sh
#!/bin/bash
/usr/sbin/nginx -s reload
echo '1 nginX::reloaded'


But on running runweblogs I get the following error:


info [cpanellogd] A script hook attempted to escalate privileges when escalation was not permitted in Stats::RunUser with the script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh

What am I doing wrong?
 

gnusys

Sorry, the exact command to register the hook was:

[~]# /usr/local/cpanel/bin/manage_hooks add script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh --manual --category Stats --event RunUser --stage post --exectype script --escalateprivs
 

gnusys

I think the example you people have given in Guide to Standardized Hooks - Privilege Escalation - Software Development Kit - cPanel Documentation is itself wrong:

Examples
HTTP domain logs are parsed as the cPanel account that owns the domain. In this example, the /var/cpanel/myapp/do_extra.pl script will run as the root user immediately before the HTTP domain logs parse.

Because in Guide to Standardized Hooks - Stats Functions - Software Development Kit - cPanel Documentation

The Escalate Privileges Attribute:
is set with a red X mark. This means privilege escalation won't work for RunUser.

Which the example contradicts.


Please confirm
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
cPanel Access Level
Root Administrator
Hello,

I filed case DOC-6832 to get the documentation clarified.

Thank you.
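
One way to audit for the refusal quoted in the first post: a filter that counts, per event and script, how often cpanellogd rejected a hook's escalation request. This is an added example, not part of the thread or cPanel's own code; the function names and the sample input are constructed, and only the message text is taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread). Reads cpanellogd log lines on stdin and
# prints "count<TAB>Category::Event<TAB>script", most frequent first.
refused_escalations() {
    awk '
        /attempted to escalate privileges when escalation was not permitted in / {
            # Remainder has the form "<Category>::<Event> with the script <path>"
            rest = $0
            sub(/.* escalation was not permitted in /, "", rest)
            sep = index(rest, " with the script ")
            if (sep == 0) next      # truncated message: skip rather than guess
            event  = substr(rest, 1, sep - 1)
            script = substr(rest, sep + length(" with the script "))
            sub(/[ \t\r]+$/, "", script)   # drop trailing whitespace / CR
            count[event "\t" script]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample input: the first and third lines repeat the message from
# the post; the second and fourth lines are made up for the demonstration.
sample_log() {
cat <<'EOF'
info [cpanellogd] A script hook attempted to escalate privileges when escalation was not permitted in Stats::RunUser with the script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh
info [cpanellogd] unrelated line (constructed)
info [cpanellogd] A script hook attempted to escalate privileges when escalation was not permitted in Stats::RunUser with the script /usr/local/cpanel/3rdparty/bin/reload_nginx.sh
info [cpanellogd] A script hook attempted to escalate privileges when escalation was not permitted in Stats::RunUser with the script /opt/example/hook.sh
EOF
}

sample_log | refused_escalations
```

To use it on a live server, pipe the log file that cpanellogd writes to into `refused_escalations` instead of `sample_log`.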