Linode.com Forum

[harmone]

Feature request:

I have a friend whom I'd like to borrow one of my Linode accounts to, for a few days. But I don't want him to be able to delete/modify any of my existing images. I also don't want to give him access to mess with my credit card info in the Dashboard. I want him to be able to create new images/profiles and have complete access to them. I would want him to have a separate login and password to my Dashboard.

I would also like to make it impossible for him to access my other Linode account that I have merged with my first one. Oh, and no access to change reverse lookup, mounting my images into his images, and I guess some other stuff I haven't thought of yet.

I want to lend him my development account so he can fix a problem with an extension he has coded for Mediawiki. It works on his 1.10 version but not on my 1.7.1 version. So I don't trust him completely but enough to do some experimentation with a few of all the distributions you offer here at Linode.

I've shut down my server and created a fresh one with a root password I gave him that he can use for a few days. Hmm.. Come to think of it - I suppose he does not have access to mount any of my other images while he is logged in as root? I haven't included them in the accounts Dashboard profile and I have separate passwords for his, my root passwords and my linode Dashboard password.

[victorkane]

It's probably too late for this example, but for future situations like this one, I create a development environment.

1. I create a user called "developer".
2. I create a subdir under developer's home directory called www.
3. I configure apache to make this a virtual host, perhaps as a subdomain. If you are using zoneedit, point this subdomain to the same ip. This is like creating a subdomain in cpanel in regular hosting.
4. I install mediawiki there (making any necessary adjustments in terms of permissions to where the apache user needs to write).
5. The developer can connect via ssh and sftp and work completely within their own environment without any of this having anything to do with the linode account, or the root account on your linode.

If you don't like point 3, then simply install mediawiki in a subdir of wherever the document root is and change permissions, maybe even symbolically linking that subdir to a subdir under developer's home page account.

Hope I didn't misinterpret you, and that this helps.

[harmone]

victorkane wrote: It's probably too late for this example, but for future situations like this one, I create a development environment.

1. I create a user called "developer".
2. I create a subdir under developer's home directory called www.
3. I configure apache to make this a virtual host, perhaps as a subdomain. If you are using zoneedit, point this subdomain to the same ip. This is like creating a subdomain in cpanel in regular hosting.
4. I install mediawiki there (making any necessary adjustments in terms of permissions to where the apache user needs to write).
5. The developer can connect via ssh and sftp and work completely within their own environment without any of this having anything to do with the linode account, or the root account on your linode.

If you don't like point 3, then simply install mediawiki in a subdir of wherever the document root is and change permissions, maybe even symbolically linking that subdir to a subdir under developer's home page account.

Hope I didn't misinterpret you, and that this helps.

Thanks for your tip. You didn't misinterpret anything. We could do as you suggested. It's just that the method I suggested would make it easier for us. No risk of messing a detail up, leaving a stranger access to things that he was not meant to have access to. If I just give him a server of his own I don't have to know much about security to know that he wont be able to do bad things. And the developer in question don't use Debian at all so its easier to just "apt-get install mediawiki" than to install from sources on a distribution he has never used. And he must use Debian in order to be able to find the problem in case the cause was distribution specific and not only Mediawiki version specific. In our case it would be a lot faster and I would feel more secure if I could just lend him my account and a fresh profile/image for a few days.

But thanks for your suggestion. There may come other situations where your tip will come in handy.

[kangaby]

You could always spend $20 and rent another server for a month, and not link it to any of your existing accounts.

This would achieve all your goals. maybe.

[gregg]

yeah, i agree. $20, or 40 for 2 months, you're done and no concern about security with your existing account.

if that's too much, maybe just find an old pc to install a test system on, or setup virtualization on your pc with something like vmware
http://www.vmware.com/download/ws/eval.html
they have a free server version as well
http://www.vmware.com/products/server/