Disabling admin accounts
Posted: Wed Apr 23, 2008 11:52 pm
by alex.barylski
I signed up for a dedicated hosting service...fully self managed except for request tickets where their admins might need access to my server.
Like with most hosting companies, there are two or more accounts which are used internally by them...which they recommend keeping active in case of an emergency. If I disable the account it's not my fault if they cannot make necessary repairs.
I don't really like the idea of any accounts existing outside of my own...should I disable their accounts? What kind of maintenance would they need to do which would require admin access? If I ever screw something up that badly software wise...I would likely just reinstall the OS and start from scratch.
How do I disable these admin accounts they have set up? Wise idea or no?
Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 7:03 am
by VladSun
To look for a root access:
Should return only
And
should not return anything in case you haven't set up SSH key authorization.
Keep in mind that there may be other ways to get root access (e.g. ordinary user account and "su").
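A check along the lines the post above describes, as an added example that is not part of the original thread and not the poster's own commands: it lists every UID 0 account in a passwd-format file and reports whether each one still has a usable password or installed SSH keys. It assumes the standard Linux /etc/passwd and /etc/shadow layouts; the function names and the sample accounts built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list accounts with root privileges and
# show how each can still authenticate. Paths are parameters for testability.

# Names of all accounts whose UID (3rd passwd field) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Password state of user $1 in shadow file $2: a hash field starting with
# "!" or "*" can never match a typed password, so the password is locked.
password_state() {
    awk -F: -v u="$1" '
        $1 == u { found = 1
                  if ($2 ~ /^[!*]/) print "locked"
                  else if ($2 == "") print "empty"
                  else print "set" }
        END { if (!found) print "missing" }' "${2:-/etc/shadow}"
}

# Number of key lines (not blank, not comments) in an authorized_keys file;
# a file that does not exist counts as 0.
key_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Evc '^[[:space:]]*(#|$)' "$1" || true
}

# One line per UID 0 account: name, password state, SSH key count.
# $3 is an optional directory prefix for home directories (used for testing).
audit_root_access() {
    awk -F: '$3 == 0 { print $1 ":" $6 }' "${1:-/etc/passwd}" |
    while IFS=: read -r user home; do
        printf '%s password=%s keys=%s\n' "$user" \
            "$(password_state "$user" "${2:-/etc/shadow}")" \
            "$(key_count "${3:-}$home/.ssh/authorized_keys")"
    done
}

# Constructed sample: a provider "admin" account with UID 0 whose password is
# locked but whose SSH key is still installed.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/root" "$d/home/admin/.ssh" || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'admin:x:0:0::/home/admin:/bin/bash' 'nobody:x:99:99::/:/sbin/nologin' > "$d/passwd"
    printf '%s\n' 'root:$1$constructed:13993::::::' 'admin:!$1$constructed:13993::::::' > "$d/shadow"
    printf '%s\n' '# support key' 'ssh-rsa AAAAconstructed support@example' > "$d/home/admin/.ssh/authorized_keys"
    audit_root_access "$d/passwd" "$d/shadow" "$d"
    rm -rf "$d"
}
```

On a live system, run audit_root_access with no arguments as root. An account reported as password=locked with a key count above 0 can still log in over SSH with that key, so resetting or locking the password alone does not close it.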
Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 2:05 pm
by alex.barylski
EDIT | I simply reset the passwords for their admin account and changed my own as well.
The first command returned two accounts:
root and admin (the latter of which is theirs). I should probably reset my own password for root as well. How do I disable their account?
The last command returns: No such file or directory.
Ideally I just don't want them to have access to my PHP scripts, but I'm thinking this is not possible as my PHP setup requires scripts to execute as readable by world (user: nobody). Short of executing PHP with suexec...I guess just disabling their accounts is probably easiest?
I'm curious though as to what exactly they would access for. If a hardware failure occurs could they not fix that without having to login and make root changes?
Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 3:20 pm
by VladSun
Because you don't have physical access to the server, there are many things you may screw up - e.g. executing "halt".
Most of the times I have screwed up something with my servers was refusing SSH access to the machine - in most cases by bad firewall rules or changing network interface settings (e.g. "ifdown"). So, there would be cases where only console access would be needed in order to make things work.
Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 4:14 pm
by alex.barylski
I don't anticipate screwing up the system...I don't really tinker with much outside of a typical LAMP stack...and recently with mail servers. Not sure I know enough to be "that" dangerous.
Although, if I did happen to **** stuff up, could I not just send them an email with my root details? They could then login as root and do the exact same thing, no?
Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 4:26 pm
by VladSun
Hockey wrote: I don't anticipate screwing up the system...I don't really tinker with much outside of a typical LAMP stack...and recently with mail servers. Not sure I know enough to be "that" dangerous.

Don't bet on it
Hockey wrote: Although, if I did happen to **** stuff up, could I not just send them an email with my root details? They could then login as root and do the exact same thing, no?
That's correct

Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 4:42 pm
by alex.barylski
Hmmm...how does rebooting the system render ssh unusable?
In any case, they have a web based control panel for restarting your server...I'll keep that in mind though so I always work like stepping on eggshells.

Re: Disabling admin accounts
Posted: Thu Apr 24, 2008 4:58 pm
by VladSun
Hockey wrote: Hmmm...how does rebooting the system render ssh unusable?
Code:
:~# cat /etc/rc.d/rc.firewall
#!/bin/bash
iptables -I INPUT -p tcp --dport 22 -j DROP
reboot doesn't help in this case
