The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM API1 batch command permissions changed after server upgrade

Discussion in 'cPanel Developers' started by kduvall, Oct 20, 2015.

  1. kduvall

    kduvall Member

    Joined:
    Nov 24, 2008
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Atlanta, GA
    I'm making an external app that communicates with WHM VIA WHM API 1 calls.

    I've been testing with a reseller account that has basic reseller privileges. The server was running WHM 11.48 and running the batch API call worked fine.

    Code:
    {
      "data" : {
        "result" : [
          {
            "data" : {
              "fifteen" : "0.73",
              "one" : "0.52",
              "five" : "0.74"
            },
            "metadata" : {
              "result" : 1,
              "reason" : "OK",
              "command" : "systemloadavg",
              "version" : 1
            }
          },
          {
            "data" : {
              "version" : "11.48.4.7"
            },
            "metadata" : {
              "result" : 1,
              "reason" : "OK",
              "command" : "version",
              "version" : 1
            }
          },
        ]
      },
      "metadata" : {
        "result" : 1,
        "reason" : "OK",
        "command" : "batch",
        "version" : 1
      }
    }
    But after upgrading the server to WHM 11.52, the batch command returns "permission denied" unless I'm authenticated as root.
    Code:
    {
      "metadata" : {
        "result" : 0,
        "reason" : "Permission denied: You do not have the required privileges to run “batch”.",
        "command" : "batch",
        "version" : 1
      }
    }
    Have the permissions for the batch command changed? I would imagine batch would be available to any authenticated account since each command run with batch will be checked against the authenticated user's privileges.
     
  2. cPDavidN

    cPDavidN cPanel Developer
    Staff Member

    Joined:
    Mar 19, 2013
    Messages:
    42
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    Hi Keith,

    Can you say exactly which calls you're batching? I've got a test almost set up here but realize I might end up testing something totally different without more information. If you can provide the exact URL of your API call, that would be ideal.

    Thanks,

    David Nielson
    Integration Developer, cPanel
     
  3. kduvall

    kduvall Member

    Joined:
    Nov 24, 2008
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Atlanta, GA
    Sure
    /json-api/batch?api.version=1&command=systemloadavg&command=applist&command=version&command=myprivs
     
  4. cP_Sky

    cP_Sky Registered
    Staff Member

    Joined:
    Oct 21, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Keith,

    I confirmed that:
    In more recent versions of cPanel, resellers with the same permissions as in the 11.48 versions did receive the noted Permissions Denied message.

    I was able to add the :all permissions to the reseller in /var/cpanel/resellers and confirmed that the command was then accessible to the resellers with :all permissions.

    At this time, I have opened up an internal inquiry for our developers to review and determine if this is an intended change or if any action should be taken on this.
     
  5. kduvall

    kduvall Member

    Joined:
    Nov 24, 2008
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Atlanta, GA
    Awesome, thanks for following up on that. I could break the commands up and run them individually, but that would greatly affect responsiveness of the app. The overhead of the HTTP request is the part that takes the longest. One request usually takes around 0.5 - 1 seconds (give or take) and splitting a batch of commands into individual requests can result in something that should take <1 second taking >= 5 seconds.
     
  6. cP_Sky

    cP_Sky Registered
    Staff Member

    Joined:
    Oct 21, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Keith,

    This was indeed confirmed as a bug and has been slated to be addressed, once published it will be noted in relation to case #CPANEL-2098 in our ChangeLogs at the URL below:

    Change Logs - Documentation - cPanel Documentation

    Please let us know if you have any further issues in relation to this.
     
  7. kduvall

    kduvall Member

    Joined:
    Nov 24, 2008
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Atlanta, GA
    Thank you so much. I'll keep an eye on the change logs.
     
Loading...

Share This Page