DotEasy vs. SSH
I just got an answer back from DotEasy customer support about the question I raised yesterday.
Hello tongodeon,
The security issue arises from giving others SSH access to the Webserver. With SSH access, it is possible to add/edit/modify sites other than your own which is troublesome for other users who are also located on the same server. This is the reason we do not allow SSH access.
If you have any additional questions or concerns, please feel free to contact us again.
Regards,
Steve
Doteasy Customer Service
"Join the hosting revolution!"
This answer is about 1000x stupider than anything I was expecting. They're not using an OS that allows administrators to restrict access to files based on their user ID? FTP is somehow aware of these restrictions but SSH isn't?
I assume that you're hosting with some sort of operating system that gives every user their own userID and can restrict file and directory access, correct?
SSH operates under the same user permission restrictions as any other program, including ftpd. If it is possible for SSH to alter the files of another user then it is possible for FTP as well.
If anyone's got a suggestion for another web host that offers the at least essentials (Unix, SSH/SFTP/SCP, MySQL, Apache, PHP) let me know. I'm not sure that matrushkaka wants to go through another series of relay calls and headaches to transfer her domain again but I'm wondering what else is out there. I use phpwebhosting but I wouldn't necessarily recommend them.
Hello tongodeon,
The security issue arises from giving others SSH access to the Webserver. With SSH access, it is possible to add/edit/modify sites other than your own which is troublesome for other users who are also located on the same server. This is the reason we do not allow SSH access.
If you have any additional questions or concerns, please feel free to contact us again.
Regards,
Steve
Doteasy Customer Service
"Join the hosting revolution!"
This answer is about 1000x stupider than anything I was expecting. They're not using an OS that allows administrators to restrict access to files based on their user ID? FTP is somehow aware of these restrictions but SSH isn't?
I assume that you're hosting with some sort of operating system that gives every user their own userID and can restrict file and directory access, correct?
SSH operates under the same user permission restrictions as any other program, including ftpd. If it is possible for SSH to alter the files of another user then it is possible for FTP as well.
If anyone's got a suggestion for another web host that offers the at least essentials (Unix, SSH/SFTP/SCP, MySQL, Apache, PHP) let me know. I'm not sure that matrushkaka wants to go through another series of relay calls and headaches to transfer her domain again but I'm wondering what else is out there. I use phpwebhosting but I wouldn't necessarily recommend them.