1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

1 server user per domain ? Why is it recommended to create a user for each domain that you host ?

Discussion in 'Web Hosting' started by buythiscomputer, Jun 22, 2017.

  1. #1
    hello,

    When hosting different domains on a dreamhost account, it is recommended to create a new "user" for each domain that you host.

    Can you explain why it is recommended ?

    I see a benefit hosting all domains under the same user"
    when connecting to FTP, only 1 connection will allow me to work on all my domain files.
    SEMrush
    But if I have 1 FTP user per domain it means that I will have to connect to each user to be able to edit all my websites.


    Can you tell me what are the reasons to recommend to create 1 new server user for each domain hosted on the same dreamhost account / server ?

    Thank you.
     
    buythiscomputer, Jun 22, 2017 IP
    SEMrush
  2. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,627
    Likes Received:
    716
    Best Answers:
    151
    Trophy Points:
    420
    #2
    To not allow for what you want, basically, because it's horrible, security wise. If anyone gets a hold of that one account, due to hacks, carelessness, or whatever, s/he will have access to ALL the sites hosted on the account, and will be able to freely change between them, destroy them, delete them, deface them etc.
    If you create separate accounts, s/he will have access to the compromised site, but none of the others (will of course mean you will need to create proper passwords and such as well, but that should always be the case, of course).

    Multiple hosts on same account should be avoided - especially if you want to give others access. If these are all your own sites, hosted on your account, sure, one single sign-on can be useful, but it's still a security risk. Same as you don't use a root-user to login to the server via SSH - you use a regular account, and then up it via SU or SUDO.
     
    PoPSiCLe, Jul 5, 2017 IP
  3. buythiscomputer

    buythiscomputer Member

    Messages:
    69
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    43
    #3
    Thank you so much !

    Can I know why"you don't use a root-user to login to the server via SSH - you use a regular account, and then up it via SU or SUDO." ?

    Do you mean that we should not create root-users ?

    What is the difference if someone login to SSH with regular and then up it via SUDO ? Isn't it the same at the end ?

    Thank you again for your teaching !
     
    buythiscomputer, Jul 5, 2017 IP
  4. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,627
    Likes Received:
    716
    Best Answers:
    151
    Trophy Points:
    420
    #4
    No, you do not give regular accounts root, and you limit which accounts belong in SUDO.

    There isn't really a difference (well, there is, but lets pretend there isn't for the sake of argument) between logging in with a priviliged account, and SUDOing a limited account, but the point is that if someone gets ahold of the limited account, they have... a limited account. Unless they ALSO get ahold of the SUDOer password (which does not have to be the same password), then they won't get very far. Which is also the reason why you do not give out root-access to ANYONE besides yourself - hierarchial user-setups, with the root user on top, and all the others below, is the sane way to go. Same goes for group-access - make sure you give users access to only the things they need - set up separate log-files for each domain / account, so they can access their own error-logs, make sure they have limited access to the file-system (preferably only their own folder-instance for uploading / managing the website-files) and so on.
     
    PoPSiCLe, Jul 8, 2017 IP
  5. FloXera-Jose

    FloXera-Jose Greenhorn

    Messages:
    6
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    21
    #5
    You can't imagine how many customers we have that have dozens of websites/domains under the same cPanel.
    The last time one of this customer contact us he was in panic cause one of his websites, that didn't had the plugins updated, was compromised, and also ALL the other websites he had under the same cPanel account. Lesson learned. After he spend 3 hours "cleaning" and updating everything he's account was on hold making him loose thousand of visitors. Next day he bought a multi-domain (reseller) account for this didn't happen again :)
     
    FloXera-Jose, Jul 17, 2017 IP