Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED cPanel files with no owner?

Discussion in 'Security' started by ItsMattSon, Dec 5, 2016.

  1. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hi guys,

    In KB document, Tips to Make Your Server More Secure, it says that "A specific user or group should own all files, to restrict access to them". When running the proposed command to identify those files with no owner (find / -nouser -o -nogroup >> no_owner.txt), it makes a pretty extensive list and I'm wondering one question...

    Is it safe to do nothing? Or should the owner on all these files be changed?

    Please advise :)

    Please note that the attached limit is a snippet that only covers a1/4 of the files in the list. Thanks
     

    Attached Files:

  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    986
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Usually this happens if files are left after a user is removed. For example if you terminated a cpanel account but it's files were left somewhere else. I see this with session files in /tmp and stuff. 'ls' will show them as a numeric UID/GID instead of a name, which is what find is searching for (files owned by a numeric UID that no longer has a username/account associated with it). Looking at those particular files I wouldn't really be concerned.
     
    cPanelMichael likes this.
  3. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Thanks @quizknows !

    I don't suppose there is some way to confirm whether they actually were files belonging to a removed user? :p

    I assume if they were, I could then also remove them..?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The files in the image you provided are located within the /home/.cpanm/work directory. There's a thread on the purpose of those files at:

    https://forums.cpanel.net/threads/is-it-safe-to-delete-these-folders.493751

    Thank you.
     
    ItsMattSon likes this.
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    986
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    You run into an interesting situation there. If you have old copies of /etc/passwd you could find the numeric UID and you'd know who owned those files in the past.

    Unless you see things in the list that look like sensitive data I would not sweat it.

    One thing you can run into is if you terminate a user from a linux system, then add one in the future that gets assigned the same numeric UID, it would inherit ownership of the old files. However, on cPanel, you should not run into this unless you manually use "useradd". If you remove a cpanel account and then make a new one, the new one gets new numeric UID/GID and thus will not inherit any old files.
     
    ItsMattSon likes this.
  6. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    Thanks for that link. If they are auto-regenerated, why would they have no owner? Shouldn't cPanel be the owner?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    That's in reference to when the directory is removed. If you remove the directory, then the required files would generate automatically as needed.

    Thank you.
     
  8. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hate to be a stickler but how come they have no owner though? Did they belong to someone I removed on the system, or is it the case with your test system too? :p
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The likely reason is the user responsible for installing that specific Perl module no longer exists on the system. In the image you attached, it doesn't show the full path to those specific files, or the UID/GID. Could you verify where those files are stored (E.g. /home/.cpanm, /root/.cpanm/, /home/$username/.cpanm/) and post the output of the "stat /path/to/file" command for one of the files?

    Thank you.
     
    ItsMattSon likes this.
  10. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    It's under / so the path is /.cpanm/

    Here's the stat for a directory and a regular file in there. Hopefully it points us the right way :)

    Code:
    [root@srv /]# stat /.cpanm/work/1462897870.6158/parent-0.234
      File: `/.cpanm/work/1462897870.6158/parent-0.234'
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: 9810b6f1h/2551232241d   Inode: 262365      Links: 5
    Access: (0755/drwxr-xr-x)  Uid: ( 1000/ UNKNOWN)   Gid: ( 1000/ UNKNOWN)
    Access: 2016-12-13 10:16:36.714930200 +0800
    Modify: 2016-05-11 00:31:11.118480000 +0800
    Change: 2016-05-20 06:06:50.938233819 +0800
    [root@srv /]# stat /.cpanm/work/1462897870.6158/parent-0.234/META.json
      File: `/.cpanm/work/1462897870.6158/parent-0.234/META.json'
      Size: 1015            Blocks: 8          IO Block: 4096   regular file
    Device: 9810b6f1h/2551232241d   Inode: 265689      Links: 1
    Access: (0644/-rw-r--r--)  Uid: ( 1000/ UNKNOWN)   Gid: ( 1000/ UNKNOWN)
    Access: 2016-05-20 06:05:54.764077000 +0800
    Modify: 2015-05-28 01:08:13.000000000 +0800
    Change: 2016-05-20 06:05:55.716014045 +0800
     
  11. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    Sorry for wasting your time! I just learned that cpan/cpanm have nothing to do with cPanel. I thought that was a cPanel directory - My apologies.

    I've removed the directory, I'm quite certain it won't return in that location but if it does then you've already explained why. Thanks again for your help! :)
     
Loading...

Share This Page