2

I do a lot of programming work for other people's businesses. I am currently working on a project for my local Scouts group that I have worked with before.

The problem is I have built them their server and I administer it for them but the problem is they need to make sure it's secure. Which is fine, and then I raised the issue of blocking old users... they then asked what about blocking you?

It's a valid point but I don't know of a way that they can. They have limited server experience so I considered designing an automatic block system which would block me. Ideally, it would require two other users login keys which could then somehow remove my access.

I have no idea how to approach this. I am using Ubuntu Server to run their servers.

PhoenixRising
  • 31
  • 1
  • 4
    If they don't trust you, then you should not manage their servers. – Christian Gollhardt Mar 26 '16 at 19:35
  • 7
    If they want to block you, all they have to do is change your password. You can then tell them you won't be administering their server anymore. The person who removes the password needs administrator access. End of. – Robert Harvey Mar 26 '16 at 19:45
  • 2
    I don't think it's that they don't trust him, I think someone told them to think about the rogue developer scenario (maybe from a bad experience) and they feel like they should be doing something about that. – Tim Post Mar 26 '16 at 19:49
  • 2
    @TimPost: Certainly valid, but asking the hypothetical rogue developer to do that something is just silly. – Lightness Races in Orbit Mar 26 '16 at 22:06
  • @RobertHarvey You should post that as an answer. – Ixrec Mar 27 '16 at 00:16

2 Answers2

6

This is a legitimate concern of theirs, but this is best solved with a .pdf file rather than new software.

Say instead of just you, you and a friend built this project and you both administer the server. Then, one day the friend decides he's going to pursue a new career of refilling ATMs in Antarctica, and will no longer have time to deal with your project. You'll quite obviously deactivate his accounts and revoke and security privileges he has. Whatever steps you would take to deactivate the friends' accounts, write those down and that document becomes the procedure to follow if they need to deactivate your accounts.

It just as easily could be you moving onto a different project and they would have to find someone new to manage the server, which is pretty likely as I doubt you're going to work on this project for the Scouts for the rest of your life. In that event you too would want your own accounts deactivated so if something dodgy happens, you won't be blamed for it.

As the presumed sole admin of the server, if your account is the only that can deactivate yours, then create a new admin account as a standby for this event, write the credentials down on paper, and give the paper with the credentials to the owner to be placed in a safe spot such as a deposit box to be accessed as needed, when the time comes.

You don't need to develop some sort of half-baked kill switch, just write down the steps they would need to take to disallow you access, the credentials to do so, and you're set.

whatsisname
  • 27,463
  • 14
  • 73
  • 93
1

As soon as someone among them has an account with administrative privileges, this person can block you. Of course, this requires to have a basic knowledge of command line: the person should know how to open an SSH connection and run the commands which will remove/block your account.

If relations between you and them remain good (such as you leave your current role to a different system administrator, because... well, the reason doesn't matter), you'll simply create an administrative account to your successor, and he will remove yours.

If, on the other hand, they want to protect themselves against a conflict where you might be able to go and destroy all the files on their server, that's a little harder. If the conflict is sudden, they just shut down the server and wait for a new system administrator to boot it locally and remove your account before you could do any harm. If the conflict isn't sudden, they hire a system administrator who uses their administrative access to remove your account and create his own.

In all cases, at least one of them should have an administrative account.

Obviously, if you're the one who actually hosts the server (for instance it's a virtual machine hosted with your own Amazon AWS account), there is nothing much they could do to protect themselves from you.

Arseni Mourzenko
  • 134,780
  • 31
  • 343
  • 513