Creating a Plesk extension and elevating the execution of Bash scripts

For a client we had a Bash script to automate a few things. That worked pretty well, but the downside was that we had to SSH into a server and run a command with certain parameters as root. Therefore the idea came up to build a Plesk extension and call the script from there.

Building a Plesk extension was fairly simple. The documentation is extensive and up to date. So creating a simple extension page in the Plesk GUI didn't take much effort. The documentation however refers to Zend Framework 1, so that's a bit like going back in time.

I started building a form with some multi select boxes that would then call a Bash script to perform the actual logic. The Bash script however needed to be executed as root, as some of the files it needed to modify were owned by root. Plesk offers a class called pm_ApiCli. With it you can call scripts that are placed in /usr/local/psa/admin/sbin/ or in your extension's sbin folder. Problem however is that if you perform a pm_ApiCli::callSbin call, the script is executed as the psaadm user. That gave me a few problems: 1. The psaadm user doesn't have a tty, 2. The psaadm user doesn't have a home directory e.g. to store SSH keys, 3. The user can't modify files owned by root. Therefore I had to find a way to make Plesk execute a script as the root user.

Luckily someone else had this problem too. I found this thread where you basically call a wrapper script that's placed in /usr/local/psa/admin/sbin/wrapper. Plesk provides this wrapper to elevate priviledges of a script. A simple test with whoami confirmed it ran as the root user. Nice, it works!

comments powered by Disqus