• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

remove .psa.shadow file

E

erhnam

Basic Pleskian
I want to remove the /etc/psa/.psa.shadow file. The admin password is hardcoded in this file and for me this is a large security issue! What's the impact when removing this file?
 
Don't do it

I can't say I've done that before, but you should not remove that file. It is there for the use of Plesk (and it's included programs) to use when needed for authentication with different Plesk components (like the psa database)...

The file is not a security risk if the permissions are only RW for psaadm and nobody else. It's never going to be readable by Apache.

If someone gets root or psaadm access, then they're already either going to have that password or have access to EVERYTHING on the box, not just that file.

Jordan
 
You do not want to remove this file!! It will hose several things for sure!
 
You must log in or register to reply here.

Similar threads

mariodieck
Question Attempt to restore the "psa" database from a dump fails.
Replies
1
Views
946
Sebahat.hadzhi
Sebahat.hadzhi
M
Input Provide detailed security information and a dedicated security mailing list
Replies
13
Views
4K
hschramm
hschramm
Bitpalast
Forwarded to devs SSL auto-renewal attemps do not stop after removing cert and disabling SSL
Replies
6
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
K
Issue Problems with fresh install Plesk and Laravel
Replies
4
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
S
Resolved Package conflict - Package Update Manager
Replies
3
Views
971
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top