The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Files with stephen.chaffins and root:32015

Discussion in 'General Discussion' started by jparker85302, Apr 6, 2013.

  1. jparker85302

    jparker85302 Registered

    Joined:
    Mar 27, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I was following directions in the "10 tips for making your cpanel and WHM servers more secure" using
    > find / -nouser -o -nogroup>> no_owner.txt
    and found a large list of files related to stephen.chaffins......
    I did a search on him and apparently he plays an important role at cpanel so I am sure there is nothing unsecure about the situation but could you please explain the role of him being an owner and having files/directories, ownership:group settings in my account of cpanel?
    For example
    root@host [/var/cpanel/bandwidth]# ll cptkt3933987_stephen.chaffins.*
    -rw-r--r-- 1 root root 8 Mar 30 23:34 cptkt3933987_stephen.chaffins.remainder
    root@host [/var/cpanel/bandwidth]# ll cptkt3933987_stephen.chaffins-*.*
    -rw-r----- 1 root 32015 281104 Mar 30 23:34 cptkt3933987_stephen.chaffins-all-peak.rrd
    -rw-r----- 1 root 32015 17504 Mar 30 23:34 cptkt3933987_stephen.chaffins-all-rate.rrd
    -rw-r----- 1 root 32015 281104 Mar 30 23:34 cptkt3933987_stephen.chaffins-ftp-peak.rrd
    -rw-r----- 1 root 32015 17504 Mar 30 23:34 cptkt3933987_stephen.chaffins-ftp-rate.rrd
    -rw-r----- 1 root 32015 281104 Mar 30 23:34 cptkt3933987_stephen.chaffins-http-peak.rrd

    Also included in the generated no_owner.txt were files like the examples given below. In this particular case, I know that topkeiei is an owner on the server. Why would he be listed in no-owner.txt?

    -rw-r----- 1 root topkeiei 562 Apr 6 17:00 topkeiei
    -rw-r----- 1 root topkeiei 5408 Apr 6 17:00 topkeiei.5min
    -rw-r----- 1 root topkeiei 281104 Apr 6 17:00 topkeiei-all-peak.rrd
    -rw-r----- 1 root topkeiei 17504 Apr 6 17:00 topkeiei-all-rate.rrd
    -rw-r----- 1 root topkeiei 439 Apr 6 17:00 top-keiei.com
    -rw-r----- 1 root topkeiei 4467 Apr 6 17:00 top-keiei.com.5min
    -rw-r----- 1 root topkeiei 281104 Apr 6 17:00 top-keiei.com-all-peak.rrd
    -rw-r----- 1 root topkeiei 17504 Apr 6 17:00 top-keiei.com-all-rate.rrd
    -rw-r----- 1 root topkeiei 3160 Apr 6 17:00 top-keiei.com.hour
    -rw-r----- 1 root topkeiei 281104 Apr 6 17:00 top-keiei.com-http-peak.rrd
    -rw-r----- 1 root topkeiei 17504 Apr 6 17:00 top-keiei.com-http-rate.rrd

    Thanks,
    Jim
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Stephen Chaffins is a support analyst with cPanel, as am I, and he worked on ticket 3933987.

    We have developed a new system for logging into customer servers that prevents us analysts from ever needing to see or use a customer's root password. To accomplish that, our system creates a reseller user and gives that reseller user full root access. That way, we can log into the WebHost Manager and have full root access, without needing the actual root password.

    When we log out of a server at the conclusion of a ticket, the reseller I just mentioned is deleted automatically. When you delete an account, its bandwidth files, if they exist, are not deleted. This is actually on purpose.

    cptkt3933987_stephen.chaffins was a reseller user that was created automatically by our log-in system for ticket 3933987, as the name implies, and it was deleted at the conclusion of ticket 3933987. That is why the files named for that user are owned by a group that does not exist (signified by the numeric value of the group, 32015) - the group for that reseller user was deleted.

    What you are seeing is nothing but artifacts of the reseller user that our log-in system automatically created for Stephen so he could log into the WHM to work on your ticket. That reseller user only exists very briefly and is automatically deleted for security, but bandwidth files are not automatically deleted when an account is deleted, which is the same as what happens when you delete an account.

    I am not certain why your find command listed files that do have an owner, but I hope this helps to clarify the bandwidth files that belonged to a reseller that no longer exists.
     
  3. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    Hi Jared ,

    Thanks for the clarification. I was also wondering about the exact use of that files :)

    Cheers!!!
     
  4. jparker85302

    jparker85302 Registered

    Joined:
    Mar 27, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Jared,
    Thanks for you answer. It clarified a lot.
    Regards,
    Jim
     
Loading...

Share This Page