Restoring account backup packages from unknown, or untrusted, sources
Posted by on 26 September 2016 11:31 AM

The account backup package system (pkgacct) is designed to transfer an account between machines inside your ecosystem. This system's primary goal is to prefer replication integrity in order to simplify the process of migrating your accounts between your servers.

  • In order to achieve this goal it must copy the entire account, along with its configuration, privileges, customizations, files, and permissions that the account has been granted.
  • The system is not designed to handle untrusted data. There are a myriad of ways a malicious user can alter an account backup package to escalate privileges, or add additional privileges to an account backup package.
  • We strongly recommend that you do not restore data from untrusted sources. It is for this reason that the restore system has always been limited to the root user.
(0 vote(s))
Not helpful