Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

reseller_RESELLERSUSERS_root ?

Discussion in 'General Discussion' started by dkg, Jun 13, 2009.

  1. dkg

    dkg Member

    Joined:
    Aug 2, 2004
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    Each of my reseller accounts has this file (reseller_RESELLERSUSERS_root) located in ~/.cpanel/datastore. It seems to contain a list of all accounts on the server. Although it is a binary file it is easy to display with less and it is owned by the reseller and visible to the reseller. It seems to me this is somewhat of a security issue -- I don't think anyone but root should have access to a list of all accounts. Is there a reason this file should exist?

    In addition to that file there is a file call reseller_RESELLERSUSERS_<reselleracct> that contains a list of accounts for that reseller. I don't have a problem with that since the reseller should already know about his sub-accounts.

    Dave G.
     
    #1 dkg, Jun 13, 2009
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    These files were being created by direct logins to cPanel using a combination of the reseller user name and the root password. We adjusted the product to no longer create these, nor update them if they exist. The /usr/local/cpanel/bin/purge_old_datastores utility can be used to remove existing files.

    The updates are present in:

    cPanel 11.25 ( EDGE ) builds 36736+
    cPanel 11.24.4 builds 36737+

    Thank you for bringing this matter to our attention.
     
    #2 cPanelDavidG, Jun 19, 2009
  3. dkg

    dkg Member

    Joined:
    Aug 2, 2004
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    I'm using cPanel 11.24.4-R36167. The script you mentioned doesn't clear the files I am concerned about in the version of cPanel I am running.

    Is it safe to just delete them directly? Or are there other things that might expect the file to exist.

    Dave G.
     
    #3 dkg, Jun 19, 2009
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The script does not clear existing files. Feel welcome to delete these files manually, but until you are on one of the builds mentioned in my previous post, expect these files to become re-created.
     
    #4 cPanelDavidG, Jun 19, 2009
(You must log in or sign up to post here.)

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice