[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Setting up a single admin user for multiple sites

Subject: Re: [cobalt-users] Setting up a single admin user for multiple sites
From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
Date: Mon May 21 15:39:05 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Ok, how does one go about creating one user that has admin type
access to a
> large number of domains?
>
>He only requires ftp and telnet access for site uploads, etc.

Johan,
If he's got telnet access then he'll be able to walk into any site on
the machine.
If you want him to be able to ftp into all of them though, you'll have
to add his login to each of his sites in the group file. /etc/group.
You can't do this through the GUI, it must be done through shell as
root. Make sure to make a backup of the file before you start, and
copy the file to group- when you're finished.

However, with Linux there is a 32-site admin limit. Meaning that one
login can only ftp into 32 sites. Anything over that limit will have
to have a different login. So you're pretty much stuck - he's going to
have to have at least 2 different logins.
Also, once you add him to each site's line in the group file, he'll
still have to disconnect and reconnect to each site individually. He
can't just pop up out of one directory and go down into another - so
he may as well have separate logins for each of them. Once he puts the
username and password for each site into his FTP program, he'll never
have to think about it again; just hit CONNECT and he's there.

The only way to let him be able to move up out of one site's directory
and down into another site's directory without disconnecting is to
make him a server admin; and you do *not* want to do this. He'll be
able to go all over the server. He'll still be restricted by the
32-site limit even with this much reign - it's something all of us
face eventually (as hosts).

Do a search through the archives for "32 site limit" and you'll come
up with a bunch of results, workarounds and such; but the workarounds
are slanted towards you, the server admin... NOT a regular user. You
just don't want to give anyone that much leeway.
And most definitely, install SSH2 and disable telnet; make him (and
anyone else you're foolish enough to give shell access to) at least
come in through an encrypted connection.

I don't mean to sound harsh here, but maybe it would be better to just
put this guy and all of his sites on *one* server, so that he can't
get into anyone else's site (or yours). Then you can give him all the
shell access that he wants and rest assured that he's not poking into
everyone else's sites, getting database passwords or browsing into
protected directories.
Just to reiterate, though... this isn't a Cobalt thing, it's a Linux
thing. 32 sites per ftp login, max. End of story. :(

CarrieB

Follow-Ups:
- Re: [cobalt-users] Setting up a single admin user for multiple sites
  - From: Revd leonard payne

References:
- [cobalt-users] Setting up a single admin user for multiple sites
  - From: johan

Prev by Date: RE: [cobalt-users] RE: Hacked? Telnet gone, SSH gone, strange ports open
Next by Date: [cobalt-users] Email for ISP on RAQ3?
Previous by thread: [cobalt-users] Setting up a single admin user for multiple sites
Next by thread: Re: [cobalt-users] Setting up a single admin user for multiple sites

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index