[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re:[cobalt-users] Suspending servers

Subject: Re: Re:[cobalt-users] Suspending servers
From: "The Thieving Gypsy" <webmaster@xxxxxxxxxxxxxxxxxxx>
Date: Thu Dec 14 06:12:02 2000
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> >I need to suspend the server of one of my clients.  The problem is, I
want
> >to leave them with limited access - simply unplugging the server would
cause
> >all sorts of bother over lost emails, etc. I plan on stopping the httpd
and
> >admserv daemons, and then suspending their telnet accounts, but am not
quite
> >sure whta th implications are...  My client has access to the admin
password
> >(and therefore the root) account, but I have set up another root account
for
> >my use.  My question is, which of the clients accounts should I suspend -
> >the admin account, or the root account?  What would the implications be
of
> >suspending the admin account if, for example the server crashed?  Also,
> >could suspending the root account have nasty repercussions?

> sounds pretty strange to me !  You gave someone the admin password ?
> Like this this person is able to do about *everything* to your server -
and - probably
> has done already !
> I would suggest to ask yourself why you are going to do such a thing like
revoking a
> granted permission. And if you have the answer to this - tell it your
customer and do
> what you decided.
> You can always install a SiteAdmin which has the rights to controll the
content of a
> virtual server and do some more administrating things. But at least he
doesn't have
> access to your whole machine.
>
> If you post more details, then maybe somebody has a better idea ?!

Sorry - to explain at bit more, I work for the UK office of Verio, and we
lease whole dedicated servers to our clients - so we give them full access
to the machines, whatever OS type they are.  On standard Linux boxes, we
give the client a "root2" account with uid and gid 0, and retain the root
account ourselves - but on Cobalts we can't do really do this. Our clients
are free to do whatever they like with the boxes, but if they reck them they
have to pay us to put them back together.   Generally, when we suspend
servers for non-payment we just unplug the ethernet cable, but this can
cause a lot of problems - clients can often take legal action over
bounced/lost emails.  To avoid this, I've been trying to find a way of
stopping the main services, but leaving the email running, and preventing
them from getting access to restart those suspended services.  As far as I
can tell, the options are:

1/. suspend the admin user - preventing them from using the GUI and telnet.
The question, though, is whether or not this would cause problems if the
server crashed and has to be taken into single user mode.
2/. Suspend the root user and turn off the GUI (to prevent reboot from a
browser).  Would this have any repurcusions, though?

Thanks,
              Dave

Follow-Ups:
- Re: Re:[cobalt-users] Suspending servers
  - From: Rik Thomas
- Re: [cobalt-users] Suspending servers
  - From: Jeff Lasman

References:
- Re:[cobalt-users] Suspending servers
  - From: Cobalt User

Prev by Date: Re: Re:[cobalt-users] Suspending servers
Next by Date: Re: [cobalt-users] <Sun and Raq and the> Virus email
Previous by thread: Re: Re:[cobalt-users] Suspending servers
Next by thread: Re: Re:[cobalt-users] Suspending servers

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index