/etc/trueuserowners readable by cPanel users?
Hi,
Today one of my Cpanel user reported me that he is getting all the usernames of the server and the location of the file is here : .cpanel/caches/config/
File :
_etc_trueuserowners___ ........
Now I have checked on the other cpanels and it is really strange that it is always creating on the new cpanel as well as old.
So how to close this and also delete these files from the server?
As I do afraid that if anyone uses Brute Force he can be logged into the several accounts if the server owner is using the same password for the cpanels.
-
Do you have any more details on how this can be duplicated? 0 -
Hello @Sujoy Dhar, This topic was brought recently as part of internal case CPANEL-21379. It was determined that it's currently by design for the /home/$username/.cpanel/caches/config/etc_trueuserowners__$ file to exist under individual accounts. The /etc/trueuserowners file is read by individual cPanel users as part of functionality used to determine which data is displayed, and whether the account is the owner of a specific domain name. Multiple cPanel features rely on this functionality (e.g. Track Delivery, Branding). Thank you. 0
Please sign in to leave a comment.
Comments
2 comments