Wheel Group (su)

[host95]

As the WHM doc points out, the &Wheel group& is a user group that can gain access to root by using the su command. Question: Will clients with superuser status have the ability to peek beyond their own home environment? Would be a &bad& to have prowlers finding out who you host, etc.

??

 

[dgbaker]

Wheel group users essentially become root user (god) when doing su.

 

[host95]

Thanks. I was afraid that's what I'd hear. There is no way anyone should give clear access to ALL server directories and files to someone not known or trusted. I'd be very interested in polling other Web hosts to see whether they are authorizing su privileges for their clients. Any way cpanel can be set up so su does not allow clients to go below their own /home directory?

D

 

[djoverho]

Is there a way other than the wheel group to create a superuser...Like say for dedicated clients that don't pay their bill and you want to login and change their password so they can't access their server until they pay the bill. Like in windows you have different usernames but give different permissions such as admin. It would be nice when setting up a server for a dedicated client to be able to give him an account username as root but for us to still be access the server if/when he changes the password, or if there was a way to lock the password so it couldnt be changed...is any of this possible and if so...how? Thanks in advance.

 

[easyhoster1]

If a dedicated server client does not pay there bill, the best command to run in ssh is;

# halt

This will shut down the server and when we get paid, we turn it back up...Suprising how fast we get our money )

 

[djoverho]

yeah, we can shut it down, but we cant get into shell if they change the password. I just thought it would be nice to have a seperate account for root access because the majority of the dedicated clients change the root password when give them access to it. I'm sure it can be done, I'm just not quite sure how to go about it...I'm thinking I would have to create an account in etc/passwd ...Is that correct? Thanks

 

[perlchild]

Originally posted by easyhoster1
If a dedicated server client does not pay there bill, the best command to run in ssh is;

# halt

This will shut down the server and when we get paid, we turn it back up...Suprising how fast we get our money )

a remote controlled power distribution unit works wonders about this concept, just change the user's password before doing so... (if the user who hasn't paid, had ordered remote reboot access capaibility)