Skip to content

Zabbix agent configuration for unsafe parameters

In Zabbix agent configurations, the UnsafeUserParameters directive controls whether special characters are permitted in user-defined parameter arguments.^[600-developer-operation-maintenance-zabbix-zabbix-key.md]

Functionality

When set to 1, this option allows all characters to be passed in arguments to user-defined parameters.^[600-developer-operation-maintenance-zabbix-zabbix-key.md] By default, or when set to 0, the agent restricts certain characters to prevent potential command injection or security risks.

Restricted Characters

If UnsafeUserParameters is set to 0 (or left to default), the following characters are explicitly not allowed in arguments:^[600-developer-operation-maintenance-zabbix-zabbix-key.md]

  • \ (Backslash)
  • ' (Single quote)
  • " (Double quote)
  • ` (Backtick)
  • * (Asterisk)
  • ? (Question mark)
  • [ ] (Square brackets)
  • { } (Curly braces)
  • ~ (Tilde)
  • `--- title: Zabbix agent configuration for unsafe parameters summary: Security-related configuration settings in Zabbix agent (EnableRemoteCommands, UnsafeUserParameters, Timeout) that control execution of remote commands and passing special characters in user-defined parameters. sources:
  • 600-developer-operation-maintenance-zabbix-zabbix-key.md kind: concept createdAt: "2026-04-28T04:58:55.462Z" updatedAt: "2026-04-28T04:58:55.462Z" tags:
  • monitoring
  • security
  • configuration
  • zabbix aliases:
  • zabbix-agent-configuration-for-unsafe-parameters
  • ZACFUP confidence: 0.9 provenanceState: extracted inferredParagraphs: 0

(Dollar sign) * ! (Exclamation mark) * & (Ampersand) * ; (Semicolon) * ( ) (Parentheses) * < > (Angle brackets) * | (Pipe) * # (Hash) * @ (At sign)

Additionally, newline characters are prohibited in arguments.^[600-developer-operation-maintenance-zabbix-zabbix-key.md]

Configuration Syntax

The directive is defined in the Zabbix agent configuration file (e.g., zabbix_agentd.conf or zabbix_agentd.win.conf).^[600-developer-operation-maintenance-zabbix-zabbix-key.md]

### Option: UnsafeUserParameters
#   Allow all characters to be passed in arguments to user-defined parameters.
#   0 - do not allow
#   1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
UnsafeUserParameters=1
  • [[Zabbix]]
  • [[UserParameter]]

Sources

  • 600-developer-operation-maintenance-zabbix-zabbix-key.md