• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

/etc/passwd file access for Plesk 12 and 11

R

Roadkill-NZ-

New Pleskian
Hey all,

I am just wondering if Plesk needs to have read access for everyone (rw-r--"r--") for the /etc/passwd file?

Can you please advise whether it needs this access to it? As locking it down can stop some potential security issues with PHP being able to access it when run in a Web browser.

So far testing I have done hasn't produced any noticeable effects with using Plesk.

I would expect that this might affect users when accessing SSH, but as Plesk has a user with higher access, this may not be a problem for a hosting server.

Cheers,

Roadkill-NZ-
 
You must log in or register to reply here.

Similar threads

Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
892
yfain
Y
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
983
Raul A.
R
H
Resolved Unable to Disable Node.js Application in Plesk – App Remains Accessible
Replies
1
Views
1K
HawkSky
H
learning_curve
Resolved Permissions on some of the files packaged by Plesk are incorrect[ERROR] - Post 18.0.69 Upgrade
Replies
19
Views
4K
learning_curve
learning_curve
O
Question How to allow the download of files with custom extensions from a Plesk server?
Replies
10
Views
3K
Kaspar@Plesk
Kaspar@Plesk
Back
Top