The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

reseller_RESELLERSUSERS_root ?

Discussion in 'General Discussion' started by dkg, Jun 13, 2009.

  1. dkg

    dkg Member

    Joined:
    Aug 2, 2004
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Each of my reseller accounts has this file (reseller_RESELLERSUSERS_root) located in ~/.cpanel/datastore. It seems to contain a list of all accounts on the server. Although it is a binary file it is easy to display with less and it is owned by the reseller and visible to the reseller. It seems to me this is somewhat of a security issue -- I don't think anyone but root should have access to a list of all accounts. Is there a reason this file should exist?

    In addition to that file there is a file call reseller_RESELLERSUSERS_<reselleracct> that contains a list of accounts for that reseller. I don't have a problem with that since the reseller should already know about his sub-accounts.

    Dave G.
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    These files were being created by direct logins to cPanel using a combination of the reseller user name and the root password. We adjusted the product to no longer create these, nor update them if they exist. The /usr/local/cpanel/bin/purge_old_datastores utility can be used to remove existing files.

    The updates are present in:

    cPanel 11.25 ( EDGE ) builds 36736+
    cPanel 11.24.4 builds 36737+

    Thank you for bringing this matter to our attention.
     
  3. dkg

    dkg Member

    Joined:
    Aug 2, 2004
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I'm using cPanel 11.24.4-R36167. The script you mentioned doesn't clear the files I am concerned about in the version of cPanel I am running.

    Is it safe to just delete them directly? Or are there other things that might expect the file to exist.

    Dave G.
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The script does not clear existing files. Feel welcome to delete these files manually, but until you are on one of the builds mentioned in my previous post, expect these files to become re-created.
     

Share This Page