• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/

remove .psa.shadow file

E

erhnam

Basic Pleskian
I want to remove the /etc/psa/.psa.shadow file. The admin password is hardcoded in this file and for me this is a large security issue! What's the impact when removing this file?
 
Don't do it

I can't say I've done that before, but you should not remove that file. It is there for the use of Plesk (and it's included programs) to use when needed for authentication with different Plesk components (like the psa database)...

The file is not a security risk if the permissions are only RW for psaadm and nobody else. It's never going to be readable by Apache.

If someone gets root or psaadm access, then they're already either going to have that password or have access to EVERYTHING on the box, not just that file.

Jordan
 
You do not want to remove this file!! It will hose several things for sure!
 
You must log in or register to reply here.

Similar threads

mariodieck
Question Attempt to restore the "psa" database from a dump fails.
Replies
1
Views
327
Sebahat.hadzhi
Sebahat.hadzhi
M
Input Provide detailed security information and a dedicated security mailing list
Replies
4
Views
1K
Kaspar
K
Bitpalast
Forwarded to devs SSL auto-renewal attemps do not stop after removing cert and disabling SSL
Replies
6
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
W
Question Temporary backup files under /var/lib/psa/dumps/ after restore
Replies
0
Views
211
W4ru
W
H
Question Security Question: Found a "JuicyPotato.php" file in Plesk directory
Replies
7
Views
3K
hypmen
H
Back
Top