Guide to Standardized Hooks - Privilege Escalation

Introduction

Scripted hook action code that runs as the cPanel user can escalate that user's privileges.

  • Hookable events that occur in code that runs as the cPanel user can escalate privileges. 
  • script must contain the hook action code in order to escalate privileges. Hook action code in Perl modules always executes as the default user for that event.

Warning:

Do not use this feature unless it is necessary. If the hook action code can run as the event's default user, it should do so. Unnecessary privilege escalation can introduce undue risk to the system.

Escalate privileges

If a given Standardized Hook defines the  escalateprivs  descriptor as true, the system will execute the hook action code as the  root  user.

  • Many hookable events already run as the  root user and do not require the  escalateprivs  descriptor.
  • You can set the escalateprivs descriptor through the describe() method or through the manage_hooks utility.

For more information about which events run as which users, read the documentation for that event's category.

Examples

In this example, the  /var/cpanel/myapp/do_extra.pl script will run as the root user immediately before the system updates a user's password:

/usr/local/cpanel/bin/manage_hooks add script /var/cpanel/myapp/do_extra.pl --manual --category Passwd --event ChangePasswd --stage pre --exectype script --escalateprivs
1
2
3
4
5
6
7
8
9
10
11
12
13
sub describe {
    my $hooks = [
        {
            'category'      => 'Passwd',
            'event'         => 'ChangePasswd',
            'stage'         => 'pre',
            'hook'          => '/var/cpanel/myapp/do_extra.pl',
            'exectype'      => 'script',
            'escalateprivs' => 1,
        },
    ];
    return $hooks;
}
  • 10 Users Found This Useful
Was this answer helpful?

Related Articles

The cPanel Interface

For  cPanel  &  WHM  version  58 Overview The cPanel interface is...

User Preferences

For cPanel & WHM version 58 Overview This document outlines how to access your cPanel...

Manage External Authentications

For cPanel & WHM version 58 Overview Manage credentials Additional documentation...

What is cPanelID?

In This Article:  Overview ServicesHow to get a cPanelID cPanelID External...

Guide to cPanel Interface Customization - cPanel Style Development

Introduction You can develop custom styles that modify the appearance of the cPanel interface....