Kaseya Community

Linux Kaseya Agent Removing KftpAgent user may ruin your system!

  • When you install the Linux Kaseya Agent it creates a KftpAgent user with the following /etc/passwd entry

    KftpAgent:x:0:1001::/:/bin/sh

    Besides the fact it has the same id as root, which is bad, it also has "/" as its home directory, which is bad!

    So if an administrator decides to use the --remove option with userdel... say goodbye to your Linux box!

    This needs to be fixed.

  • Would you prefer we use root directly?

    Also, we normally remove the KftpAgent user at the end of a session. Has it persisted beyond the ftp session on your system?

    Gordon

  • If that's sarcasm then I'll just ignore it, if it's a serious question then the answer is no - although at least using root doesn't have the potential to destroy a server.

    No, the KftpAgent account was not removed during agent removal.

    The point here is that by creating this user account with these parameters you then create a situation that could lead to disaster.

  • For the record, it wasn't intended as sarcasm. The ftp user needs to run as a root equivalent or many files are not accessible. I once asked the original developer why he didn't just use root and he gave what he thought were valid reasons (sadly, I can't remember what they were :-).

    In any case, at a minimum I can change the home directory to something inconsequential like /tmp/.root. I might even be able to do away with it altogether.

    Gordon

  • We have an issue that this account is still persistent and causing alerts in our AV software. Trying to manually remove the user causes our server to crash.

    How can we change the UID so it's no longer 0 or safely remove this account?
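
Added example, not part of the original thread and not Kaseya's code: a read-only shell audit that flags the two properties of the KftpAgent entry discussed above, a UID 0 account that is not root and a home directory that `userdel --remove` must never be pointed at. The function names, the list of critical directories and all sample entries except the KftpAgent line quoted in the first post are assumptions made for this example.

```shell
#!/bin/sh
# Audit a passwd-format file for the hazards described in this thread:
#   DUP_UID0   - an account other than root that has UID 0
#   RISKY_HOME - a home directory that is "/" or a top-level system directory
# Read-only: nothing on the system is modified.

audit_passwd() {
    # $1: passwd-format file, or "-" for stdin (default: /etc/passwd)
    awk -F: '
        $0 == "" { next }                       # skip blank lines
        NF < 7   { printf "MALFORMED line %d\n", NR; next }
        {
            name = $1; uid = $3; home = $6
            # Normalise the path so "//" or "/usr/" cannot hide a match.
            gsub(/\/+/, "/", home)
            if (length(home) > 1) sub(/\/$/, "", home)

            # Any second name mapped to UID 0 is a full root equivalent.
            if (uid ~ /^0+$/ && name != "root")
                printf "DUP_UID0 %s uid=%s\n", name, uid

            # Assumed list of directories that must never be treated as a
            # removable home; the optional group also matches "/" itself.
            if (home == "" || home ~ /^\/(bin|boot|dev|etc|lib|lib64|proc|sbin|sys|usr|var)?$/)
                printf "RISKY_HOME %s home=%s\n", name, (home == "" ? "(empty)" : home)
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample input; only the KftpAgent line comes from the thread.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
KftpAgent:x:0:1001::/:/bin/sh
EOF
}

# Demo run on the constructed sample; use `audit_passwd` alone for /etc/passwd.
sample_passwd | audit_passwd -
```

Running it before any account cleanup shows whether an entry like this one is present, so the home directory can be dealt with before anyone reaches for the `--remove` option.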