Each of my reseller accounts has this file (reseller_RESELLERSUSERS_root) located in ~/.cpanel/datastore. It seems to contain a list of all accounts on the server. Although it is a binary file it is easy to display with less and it is owned by the reseller and visible to the reseller. It seems to me this is somewhat of a security issue -- I don't think anyone but root should have access to a list of all accounts. Is there a reason this file should exist? In addition to that file there is a file call reseller_RESELLERSUSERS_<reselleracct> that contains a list of accounts for that reseller. I don't have a problem with that since the reseller should already know about his sub-accounts. Dave G.
These files were being created by direct logins to cPanel using a combination of the reseller user name and the root password. We adjusted the product to no longer create these, nor update them if they exist. The /usr/local/cpanel/bin/purge_old_datastores utility can be used to remove existing files. The updates are present in: cPanel 11.25 ( EDGE ) builds 36736+ cPanel 11.24.4 builds 36737+ Thank you for bringing this matter to our attention.
I'm using cPanel 11.24.4-R36167. The script you mentioned doesn't clear the files I am concerned about in the version of cPanel I am running. Is it safe to just delete them directly? Or are there other things that might expect the file to exist. Dave G.
The script does not clear existing files. Feel welcome to delete these files manually, but until you are on one of the builds mentioned in my previous post, expect these files to become re-created.
