Guide to API Privilege Escalation - Configuration Files - Knowledgebase

Introduction

The configuration file defines two configuration settings that determine your application's behavior.

The root user must own the file.
Set the file to use 0700 permissions (writable, readable, and executable by owner).
Store this file with the application file in a new namespace in the /usr/local/cpanel/bin/admin/ directory.
- The namespace and the directory name that you create in /usr/local/cpanel/bin/admin/must be identical.
- For example, you could create the TheNameSpace namespace, the /usr/local/cpanel/bin/admin/TheNameSpace/ directory, and TheModule module and TheModule.conf configuration file in that directory.

File

Your application's configuration file should resemble the following example:

mode=full
allowed_parents=/usr/local/cpanel/cpanel

This file contains the following settings:

Setting	Type	Description	Possible values	Example
mode	string	Required The mode of data behavior to use.	full simple Notes: For historical reasons, this setting defaults to simple, but we stronglyrecommend that you use full. We recommend that you use theCpanel::AdminBin::Script::Callmodule when you create AdminBinapplications for cPanel & WHM version 54 and later. This modulerequires a mode value of full. For more information, read theMode behavior section below.	full
allowed_parents	string	A list of the binaries that can call these routines. If not given, anything can invoke the module. For that reason, it is recommended always to specify /usr/local/cpanel/cpanel for this value. Note: If the/var/cpanel/skipparentcheckfile exists, the system ignores the allowed_parents setting. We strongly recommend that you do not create this file on production systems.	A comma-separated list of compiled binaries.	/usr/local/cpanel/cpanel

Setting

Type

Description

Possible values

Example

mode

string

Required

The mode of data behavior to use.

full
simple

Notes:

For historical reasons, this setting defaults to simple, but we stronglyrecommend that you use full.
We recommend that you use theCpanel::AdminBin::Script::Callmodule when you create AdminBinapplications for cPanel & WHM version 54 and later. This modulerequires a mode value of full.
For more information, read theMode behavior section below.

full

allowed_parents

string

A list of the binaries that can call these routines. If not given, anything can invoke the module. For that reason, it is recommended always to specify /usr/local/cpanel/cpanel for this value.

Note:

If the/var/cpanel/skipparentcheckfile exists, the system ignores the allowed_parents setting. We strongly recommend that you do not create this file on production systems.

A comma-separated list of compiled binaries.

/usr/local/cpanel/cpanel

Mode behavior

The mode setting modifies the way in which your application handles the following parameters. In all cases, the first line of STDIN is a set of space-separated values.

Parameter	Full mode (recommended)	Simple mode
uid	Passed in as ARGV[0].	Passed as the first item to STDIN.
function	Passed as the first item to STDIN.	Passed as the second item to STDIN.
data	The function passes data as the second item to STDIN, which interprets it as a space-separated list of scalar values. To send the module extended data, include it after the first line of STDIN. You may format this extended data in a serialized data format, such as JSON. Passed as the third item to STDIN . The function Interprets this data as a space-separated list of scalars.

Knowledgebase

Categories

Categories