Knowledge Base

Enhancing Security – Protecting from Running Tasks on Behalf of root

By default, Plesk allows utilities or scripts to be run on behalf of the
root user in two cases:

When the Plesk administrator creates a scheduled
task
and explicitly selects root as the user to run the task under.
When the Plesk administrator creates an event
handler
and explicitly selects root as the user to run the associated
command under.

This gives the Plesk administrator more flexibility, but can potentially
present a security threat if the Plesk administrator account is
compromised (for example, via social engineering), as the malicious
actor can then use this functionality to execute commands on the server
on behalf of the root user without knowing the root user
password.

To counteract this, the Plesk administrator can choose to forbid the
creation of scheduled tasks and/or event handlers running on behalf of
the root user.

To prevent users from running cron tasks and viewing the list of
tasks scheduled on behalf of the root user, create an empty file
named root.crontab.lock in the $PRODUCT_ROOT_D/var/
directory.
To prevent users from creating event handlers functioning on behalf
of the root user, create an empty file named
root.event_handler.lock in the $PRODUCT_ROOT_D/var/
directory.

The $PRODUCT_ROOT_D is /usr/local/psa for RPM-based systems or
/opt/psa on DEB-based systems.

Knowledge Base

Enhancing Security – Protecting from Running Tasks on Behalf of root

Securing the WordPress Frontier with WP Guardian

Introducing WP Guardian Vulnerability Protection: Now available for WP Toolkit

What is Cloudflare and How To Set It Up For Your Site?

IIS Web Server Settings – Directory Security Settings

Downloading Backup Files from Server

Event Parameters Passed by Event Handlers – Server health status changed

Plesk Single Server Post-install Configuration – Hiding Plesk Controls and Tools

Install Enhancing Security – Protecting from Running Tasks on Behalf of root extension