does cpanel treat all customers like this?

[jayntguru]

I am having an issue, question support.

Support asks for root access. Sorry, not going to happen, I am a perfectly capable *nix admin (so says the fortune 500 I work for). Support's response?

"
ok, I hope you find the problem. If you change your mind feel free to create a new ticket with the description and the root SSH info.

Have a great day!
--
Daniel Muey
cPanel Support Level II"

This isn't free, I pay for support, this is unacceptable.

 

[Marty]

How can they provide support if they don't have access to investigate and find out what the problem might be? Of course, I don't know what you asked them, but there are times when you need access to the server to determine what the problem is.

 

[jayntguru]

I will be happy to look at anything they want, easy stuff.

If you are OK with passing out root to random people on the internet, well, that's one more hosting company to stay away from.

 

[richy]

But they may need to check settings X+Y and see how they compare to the contents of file F and if they do not match, then examine the contents of K and see how that compares to L etc etc. It's just a lot lot faster if you give them root access temporarily (changing the root password to a temporary one) then for them to describe what to check and what to do if certain things have certain settings etc. And I bet like most technical support departments, they've tried to describe the steps in the past only to be dealt with the response "Didn't work" instead of helpful information (such as the contents/settings of files) which means they've got to ask for the data again and again - wasting time and money...

 

[jayntguru]

This isn't an emergency, speed is not a priority of mine here.

Whose to say they don't install a root kit while logged in? They have already shown how unprofessional they can be.

 

[richy]

Speed is an issue for the cPanel team though - the longer they speed diagnosing one customers problem is less time they could have spent helping 10 other customers or development/bug fixing work.

How do you know they haven't got a rootkit in the main cPanel/WHM software itself OR just setup their update servers to watchout for your IP address and when you update the cPanel software on your machine provide you with a rootkitted version?

If you are honestly that worried/scared of the way cPanel Inc works, well, I suppose you could try Ensim (who also ask for the root password for diagnostics of strange issues), third party server management companies to assist (who will also ask for the root password) etc etc.

 

[chirpy]

Since they have complete control over their own software which works right at the heart of your OS, then fearing that they will install a root kit on your server is rather silly and indeed moot.

The fact of the matter is that with an infinite variety in the configuration of server and OS envirnoments, they will need access to investigate a problem if they cannot recreate it themselves. If you need them to sign an NDA or something similar, I'm sure they would do so, but if you deny them the access that you need to resolve a problem, you cannot expect them to fix it.

If you feel that strongly about them accessing that particular server and you indeed work for such a large organisation, I'd suggest putting up a server with cPanel installed that they can have free reign on and recreate the conditions for them where you have the problem. You can then wipe the server clean after they've been on it. But this still won't necessarily help in a situation where you need access to be able to inevestigate an issue.

As a server administrator one really ought to be able to appreciate that need.

 

[chirpy]

If you are OK with passing out root to random people on the internet, well, that's one more hosting company to stay away from.

I understand you are frustrated, but please don't be abusive to others on the forums who are here in their own free time.

 

[rpmws]

this is stupid!! why would they install a rootkit if they already had root at that point? cPanel if they wanted to screw up the internet, do you harm, crush your company they could slip the "bomb" in the next update, cancel your license, let's see .. humm. If you don't trust the people that author and support the software that helps run your fortune 500 company ..then why is it installed and running on your company servers already. Maybe by installing it you already let in the "rootkit". But wait ..if cPanel had root already ..they wouldn't need to ask for root right? wouldn't they just use their "kit"? Often letting them have 10- 15 minutes in a box I find they find something that otherwise they did not know about and minutes later a fix is published ..that fix in a latest update can fix problems for others "before" clients are affected . I have seen this exact thing happen with the help of cPanel more than once and them having root was the only way for it to happen in a timly matter. Just make a SU user for them or change the root pass and watch them ..then change it back if you are worried about people using that password later to come back in.

 

[rpmws]

If you are OK with passing out root to random people on the internet, well, that's one more hosting company to stay away from.

"random" people? I guess you install your software at random as well?

 

[chirpy]

I think we've done that aspect of it to death, we don't want to start a slnging match

I can appreciate it that it can come as a shock when cPanel asks for your root password and, of course, the choice is yours. You have to weigh up the benefits of providing the access and getting something fixed, against not doing so and accepting that it won't be.

This is ultimately cPanel's choice of support (and IMO completely understandable and acceptable from a developers POV) and if you are not comfortable with that, you also have a choice, but voting with your feet and to move on to a different product if they provide different support terms that better meet your needs. Otherwise, you will have to accept the reality of their support policies.

 

[jayntguru]

This is my personal server, not my companies. I do *nix administration for a 500 though, so I am more than capable of troubleshooting an issue. Usually, I refer to the documentation, but the documentation for cpanel/whm sucks.

If you hand out your root password via unsecured smtp email on the internet, you deserve to be hacked. Not gonna happen here. This is why I bought my own box, I wasn't satisfied with the "security" that most web hosts offer. Looks as if my fears are founded in truth if passing out your root password is such a generally accepted standard.

No, I don't trust anyone. I don't really think the cpanel staff intend to put in a root kit, but with the unprofessionalism I have already seen I will err on the side of caution.

 

[richy]

The last time we had to provide a root password to Cpanel Inc, I changed the password to a temporary one and then entered it via their Secure HTTPS Site at https://tickets.cpanel.net/submit/index.cgi?support=1 and you can update tickets that way as well.

 

[MMarko]

No, I don't trust anyone. I don't really think the cpanel staff intend to put in a root kit, but with the unprofessionalism I have already seen I will err on the side of caution.

Maybe it's time you see your docotor...

 

[chae]

This isn't an emergency, speed is not a priority of mine here.

Whose to say they don't install a root kit while logged in? They have already shown how unprofessional they can be.

Best of luck to you..to date I've found cPanel techsupport very responsive, professional & 10/10 for resolving our issues. We never supply passwords by email it's always done via their secure ticket system then the password for root is changed.

 

[anup123]

If an irate AOL employee could sell few million email addresses, i do not find jayntguru's POV entirely misplaced. WRT unprofessionalism, i think i could take the courage of keeping access open without response for days, only to close it and get a response that it would be taken up mon/tue ... Well which Mon/Tue i am not sure coz even the one that's gone has no follow up.

Anup

 

[chirpy]

Jay,

I asked you to stop posting rude comments about others, and I'm not asking twice.