.jeff wrote: >ron, > >><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< >>From: Ron Dorman >> >>I do not share the opinions that Dan has excluded, >>denied and cut off people truly trying to help evolt. >><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< >> > >i just have to respond to this one tiny piece of your entire post. > >if dan has not excluded or cut off people who are truly trying to help >evolt.org, then why am i limited to ftp access only on teo? > I own and operate an ISP. No one has shell access to our servers except myself and my admins. Simply good security practice. Any shop I have been in when consulting and designing custom code, I had access to a work area with checkin/checkout tools to get the code I needed to work on. Most of them I couldn't even get the code I was supposed to work on until I was authorized by the project manager. When I work on our sites from my home office, I have FTP access only. The only reason I can think of for remote shell access is for admin purposes, to restart a dead server or service instead of having to drive to the data center, and only highly secured access then. >if i'm in going to be working on the cms don't you think i should have >database access and maybe even server access to deal with quickly moving >files and folders around if necessary, permissions, stopping/starting >services in case i accidently hang/freeze/kill something? what about >cfserver aministrator access so i can tweak and tune the performance of the >cms? why do i not have access to add/edit/delete ftp accounts so i can give >others access to work on the cms? why do i not even know who all has access >to that box and in what fashion? > Maybe database - view data privilege to check the data. Unless you are designing and developing the db there is no need for any privilege beyond data view. Moving files and folders and changing perms can be done with an ftp client. Restarting services is up to an admin. I always checked with the sysadmin before doing anything I suspected might hang a service. If I did hang a service I called the sysadmin. (these are from the consulting perspective, not my servers) For our hosting customers we provide a web interface to do restart services but it is all controlled by our software, not by shell access. Tuning also has been an admin task at most clients I have been in. As for ftp account maintenance, any kind of access maintenance, generally is a function of a security officer or admin working for the security officer. I read a post a few days ago telling us who had what access to what. If you really need these things to write code, provide proof of need, otherwise they are just "would like to have" items, which have been very difficult to get any place I have ever been. >i don't have any of the access or information mentioned above with the >exception of an ftp-only account. i'm not lacking the access or information >i need because i've been quiet about my needs. no, i've asked on many >occassions and have either been ignored, had super old issues waved in my >face (cop out) as why i can't/shouldn't have access, or just flat-out told >no with no reason at all. > >i just thought you should have a chance at hearing a different perspective >on this issue. > I thank you for the question and perspective. It is a good one. However, it seems to me we have some decent security in place. May not be as extensive and inclusive as big corp stuff but decent for our needs and from what I have read on the lists, fairly responsive when a need arises. I have waited 4 - 6 days to get just user login access on some contracts. If we have a couple of hours response on most issues to a couple days response on a few, we could improve but aren't doing bad. Ron D.