Resolved Run bash script as root from extension

[a_guy]

Hello,

What is the recommended way (security wise) to launch a bash script as root from a Plesk extension from customer UI?

Thanks

 

[weltonw]

Be careful about user input validation - the ideal way is pm_Cli's callSbin function, which will escalate a script's permissions to root

 

[nobody002]

I'm looking for a way to work

thank you very much

 

[weltonw]

Did you read my solution?

 

[a_guy]

Be careful about user input validation - the ideal way is pm_Cli's callSbin function, which will escalate a script's permissions to root

I assume you mean pm_ApiCli::callSbin.
The script runs as psaadm, shouldn't it run as root?

IndexController.php:

<?php
class IndexController extends pm_Controller_Action
{

    public function myTestAction()
    {
        $result = pm_ApiCli::callSbin("myscript.sh");
        $this->redirect('index/index');
    }
}

/usr/local/psa/admin/bin/modules/my-plugin/myscript.sh:

#!/bin/bash

systemctl stop fail2ban.service &> /tmp/mytest.txt
whoami >> /tmp/mytest.txt

and the result

[root@plesk ~]# cat /tmp/mytest.txt
Failed to stop fail2ban.service: Interactive authentication required.
See system logs and 'systemctl status fail2ban.service' for details.
psaadm

Thanks

 

[weltonw]

Yeah, sorry.

You have to put it in the /sbin folder in your plugin. Take a look at the example extensions

 

[a_guy]

@john0001, it works with symlink to wrapper.

Thanks.

 

[a_guy]

I assume that on extension installation the sbin symlink should be created, in post-install.php.

Is there any sample code of creating a symlink from PHP using Plesk API?

Thank.

 

[weltonw]

No. Put the files in /sbin, and it will automatically work on installatino