The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Uninstall Postgres and disable access to PgSQL-related features

Discussion in 'Database Discussions' started by Hitakashi, Sep 3, 2010.

  1. Hitakashi

    Hitakashi Member

    Joined:
    Jan 14, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I know theres topic's about it, But they only give how to uninstall postgres and it's other files, but it doesn't delete the files installed in cPanel. It leaves the chkservd, phpPgAdmin and other files, How can we actually completely remove Postgres with phpPgAdmin that was installed via /scripts/installpostgres
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I am looking at a server that once had PostgreSQL installed, but does not now (I removed the RPM packages), and phpPgAdmin is not mentioned in the WebHost Manager or cPanel interfaces.

    If you uninstall PostgreSQL, the actual phpPgAdmin files will still be present, because they are part of the cPanel distribution. However, to make certain that phpPgAdmin is not mentioned in cPanel, you can disable it, as well as the cPanel PostgreSQL page, in Main >> Packages >> Feature Manager.

    To remove PostgreSQL from chkservd:

    Code:
    # cd /etc/chkserv.d
    # rm -f postgresql
    # cd /var/run/chkservd
    # rm -f postgresql
    # /scripts/restartsrv_tailwatchd
    PostgreSQL will no longer be monitored, and its status will not be displayed in Main >> Server Status >> Service Status.
     
  3. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    is the web based manager for the databases also disabled at this point ?
     
  4. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Controlled by Feature Manager

    In Main >> Packages >> Feature Manager, there are two features relevant to this question:


    • PhpPgAdmin
    • PostgresSQL

    The first controls whether phpPgAdmin is available in cPanel. The second controls whether the cPanel interface for adding and removing PostgreSQL databases and users is available in cPanel.
     
  5. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    but isnt there a phpmyadmin web based app for postgresql ? I realize that the feature manager may take away the button, but does it actually remove the site as well or if some one knows it from another server can they maually type it in and possibly exploit ?
     
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Controlled by Feature Manager

    phpPgAdmin is to PostgreSQL as phpMyAdmin is to MySQL. The "PhpPgAdmin" feature in the feature list controls whether phpPgAdmin is available in cPanel. With the feature disabled, and PostgreSQL uninstalled, even if you could access phpPgAdmin, it would not be able to do anything, because PostgreSQL would not be running on the server.
     
  7. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    so the short answer is despite removing it from the feature manager, despite uninstalling postgresql from the server, the web site will still be there and be active/reachable.

    correct?
     
  8. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    This is as intended

    The feature list controls what is available in cPanel; it does not mean that a feature is entirely disabled. If you know the exact URL, you can still access features that are set as disabled by the feature list. For example, you could still access the mailbox creation page, or phpMyAdmin, even if they were disabled in the feature list.

    However, you can set limits, such as the number of mailboxes allowed or databases, that will effectively limit how useful it is to access the disabled pages. Also, if you have uninstalled phpPgAdmin from the server, then being able to access phpPgAdmin directly by the URL will not be useful, because there is no database server to control.
     
  9. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    I understand, but my point is that even though its disabled and removed, some one could still use a code exploit that is in phpmyadmin or phppgadmin or w/e page it is and possibly exploit your server - even though you did your part by seeminly removing it from your server.

    Additionally if you have mail disabled the system should not allow you to visit the mailbox creation page - it should redirect you out. That is a fatal flaw that would potentially allow users to get arround the limits you have in place.

    Say for example that some one has their own custom mail pages and doesnt use your mail stuff in any capacity - but does then set a limit above 0 to be able to easily read and display stats in cpanel. Well now the customer can circumvent that feature restrition and get there anyways, create a mailbox locally and potentially use that to send spam or w/e

    Its kind of a problem....
     
Loading...

Share This Page