The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

root password: am I being too picky?

Discussion in 'Security' started by cycas, May 14, 2014.

  1. cycas

    cycas Member

    Joined:
    May 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm just moving all my Cpanel hosted sites to a new cloud server provider. My old provider seemed to have constant issues with not knowing my root password - if something went wrong and they needed to log into Cpanel to restart something. Even when I phoned it through to them, they often didn't seem to have a record of it so would send me emails asking for it. So, OK, new hosting provider (not only for that reason).

    New hosting provider is doing the Cpanel migration for me, because I'm lazy (or at least busy).

    New hosting provider sent me an email with the new root password for the new cloud server. OK, no problem, it's an empty clean account, I changed the password right away, and phoned new password through. They seemed a bit surprised I'd done this.

    New hosting provider wanted me to type root password protecting all my live sites into their web support system - which OK, is SSL'd, but is also accessible by clicking on a link in the email they sent me, there is no separate password for the support thread, and a copy of the thread is sent by email.

    Is it me, or is that a bit risky? I trust new hosting provider and old hosting provider to hold the root password - I'm a small business, I have to trust someone! But I'm not sure I trust everyone who might be able to get access to my email. I am not as careful with my email as I am with my root password!

    Since the WHM root password gives access to everything, I've always been very very careful with it. I change it often. I store it in an encrypted archive locally only. I never email it to anyone, I don't save it in my web browser when I use the WHM web interface.

    Am I stressing for no reason? Would this worry you?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I would never say you can be too careful when it comes to protecting root access on your system. Here are some tips from cPanelJeff on another thread which you may also find helpful.

    Thank you.
     
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Is your new provider a managed hosting company or unmanaged?

    If it's managed, if they are managing the server and providing security for the server, then they'll need the root password. However, if it's managed, I somewhat question why you would need root access to the server. The more people that have root level access the more likely things can go wrong.

    If it's unmanaged, if you are responsible for providing security to the server, then I'm not really sure why your provider would need the root password. But if it's unmanaged, then you shouldn't be going to them for any support related inquiries at all.

    If it is a managed provider and you are doing all of the managing, then you may want to contact the provider and tell them to turn off a lot of their monitoring or anything that requires them to have root access since you are not using them for management.

    If you both want to be managers to the server, then understand that there is some difficulties in this. The more people that have root access to your server, the more likely you are to run into issues or root compromises. Your provider cannot vouche for the security that you provide and how secure you keep the password, and likewise you cannot vouche for your provider and the security they provide for the root password. If the password is ever compromised both of you are going to point the finger at each other and say its the other's fault.
     
Loading...

Share This Page