The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security issue?

Discussion in 'Security' started by BianchiDude, Apr 19, 2008.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Is this a security issue?

    I noticed when restoring an account the files are owned by root until the end of the restore process, and are also owned by the group root, when all the files are chowned back to the regular username.

    For a large account it can often take 30min - 1 hour or more to restore.

    Does this pose a security risk?
     
  2. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    i would think that would be a security advantage NOT a risk?
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    As long as none are setuid, there should be little to no problem with this. Being owned by root, the user will have little control over the files, especially when accessed via the cPanel interface as we perform a number of checks when performing actions as the user.

    Since the restore process is not executing anything in the backup, any attack vector would be vanishingly small to non-existent.
     
Loading...

Share This Page