[Theforum] What do you want to do ? Faster, evolt, kill kill!

Ron Dorman rwd at csi1st.net
Thu Apr 18 18:49:43 CDT 2002


.jeff wrote:

>ron,
>
>><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>>From: Ron Dorman
>>
>>I do not share the opinions that Dan has excluded,
>>denied and cut off people truly trying to help evolt.
>><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>>
>
>i just have to respond to this one tiny piece of your entire post.
>
>if dan has not excluded or cut off people who are truly trying to help
>evolt.org, then why am i limited to ftp access only on teo?
>
I own and operate an ISP.  No one has shell access to our servers except
myself and my admins.  Simply good security practice.  Any shop I have
been in when consulting and designing custom code, I had access to a
work area with checkin/checkout tools to get the code I needed to work
on.  Most of them I couldn't even get the code I was supposed to work on
until I was authorized by the project manager.  When I work on our sites
from my home office, I have FTP access only.  The only reason I can
think of for remote shell access is for admin purposes, to restart a
dead server or service instead of having to drive to the data center,
and only highly secured access then.

>if i'm going to be working on the cms don't you think i should have
>database access and maybe even server access to deal with quickly moving
>files and folders around if necessary, permissions, stopping/starting
>services in case i accidentally hang/freeze/kill something?  what about
>cfserver administrator access so i can tweak and tune the performance of the
>cms?  why do i not have access to add/edit/delete ftp accounts so i can give
>others access to work on the cms?  why do i not even know who all has access
>to that box and in what fashion?
>
Maybe database - view data privilege to check the data.  Unless you are
designing and developing the db there is no need for any privilege
beyond data view.

Moving files and folders and changing perms can be done with an ftp
client.  Restarting services is up to an admin.  I always checked with
the sysadmin before doing anything I suspected might hang a service.  If
I did hang a service I called the sysadmin.  (these are from the
consulting perspective, not my servers)  For our hosting customers we
provide a web interface to restart services but it is all controlled
by our software, not by shell access.

Tuning also has been an admin task at most clients I have been in.  As
for ftp account maintenance, any kind of access maintenance, generally
is a function of a security officer or admin working for the security
officer.

I read a post a few days ago telling us who had what access to what.

If you really need these things to write code, provide proof of need,
otherwise they are just "would like to have" items,  which have been
very difficult to get any place I have ever been.

>i don't have any of the access or information mentioned above with the
>exception of an ftp-only account.  i'm not lacking the access or information
>i need because i've been quiet about my needs.  no, i've asked on many
>occasions and have either been ignored, had super old issues waved in my
>face (cop out) as why i can't/shouldn't have access, or just flat-out told
>no with no reason at all.
>
>i just thought you should have a chance at hearing a different perspective
>on this issue.
>
I thank you for the question and perspective.  It is a good one.
However, it seems to me we have some decent security in place.  May not
be as extensive and inclusive as big corp stuff but decent for our needs
and from what I have read on the lists, fairly responsive when a need
arises.  I have waited 4 - 6 days to get just user login access on some
contracts.  If we have a couple of hours response on most issues to a
couple days response on a few, we could improve but aren't doing bad.

Ron D.




