This document outlines the updated policy regarding user access to any or all of the following:
The changes outlined within will help to mitigate the risk of accounts being compromised due to viruses or malware, and will facilitate an easier transition in the event that a user with server access is no longer employed with noise.
FTP will no longer be used when SFTP is an option. SFTP is an extension of SSH, and passwords are encrypted before being sent to the server. For most existing accounts, SFTP is already available, so developers simply need to switch their settings to SFTP fro FTP in their FTP client.
Root or admin account access will no longer be permitted. Users that require the ability to execute superuser commands via SSH on the web server will be granted appropriate sudo rights.
When new web space is allocated on a Linux server managed by noise, access controls will be handled via linux group memberships. We will no longer be issuing shared login accounts specific to each web site. An example of a virtual server setup process would look something like this: