I see many server, vps vendors provide fully managed service, but with root access too. I wonder how they manage the server, vps then??? 9/10 customers go with fully managed cause they dont know how to manage server, and in that case, with root access, they can do anything to destroy the server. So, why provide root access in fully managed case?

I have a vps that is fully managed by the hosting company (eApps). If I delete the entire system, they have a backup from last night that they can restore the system. Basically, it's my system, I'm paying for it, if I want to destroy it, that's my right, but they provide recovery and any tech support and monitoring I need to keep everything running.

Axishost hit it on the nail. Managed without root or root without managed. simple.

So, why provide root access in fully managed case?


to get more customers.

Someone knows little bit on how to manage the server, but they would need fully managed. In case of some complex issues, they have no time, then they will need their provider to fix it for them.

All my managed customers have root. Why not?

It is part of our TOS if they whack it and delete things they shouldn't they have to pay for us to fix it. We always tell them if in doubt ask first before pushing the enter button.

Have not had a customer yet destroy their system. Some have made a few silly mistakes and we fix it and warn them not to do it again. Most ask first and most are learning to admin their own boxes by asking us and we tell them what to do.

Besides without root how do you know your management company is really doing it's job?

Techark,

Simple. If you don't trust your management company, you shouldn't be with them.

Noone should touch root that you don't touch. In my case, I don't have root.

I know how to manage a box, but I don't have root. I trust AxisHOST to handle it. If I didn't trust them, I guarantee you they would not have root whatsoever.

I trust AxisHOST to handle it. If I didn't trust them, I guarantee you they would not have root whatsoever.

I think the issue goes a bit beyond the question of trust. It is also a question of what is covered under "fully managed" services. That varies from provider to provider. For many providers, it would mean keeping the server online and running 'yum update', 'aptitude update' etc on a regular basis (perhaps even via cron), but may not cover any additional services (non-standard installations, log checking etc).

So having a "fully managed" server does not necessarily mean the server is safe and sound since there would be limits to what actions the provider takes to maintain the server (or VPS). Log checking is a particularly doubtful area, since it is such a critical aspect of security and yet some "fully managed" services do not include log checking at all, and even those that do may not check the logs regularly (or may only check them when a problem occurs rather than using the logs to prevent problems).

Having root access can enable you to "fill in the gaps" to ensure that all aspects of server management are covered, but of course if you need to do that then you probably might as well be managing the server yourself anyway.

When mentioning to "fully managed", I mean customer just needs to create accounts by control panel. The vendor will be in charge of server management, pro-active in monitoring all services...

FreelanceMan: delete the whole system will be easy task. If customer did something wrong in system, the tech will need to spend time to troubleshoot it, find out the reason then fix it. It would take long time = spend more money into it. That's why I have this question

I can see both sides of this. If you are the person managing a server it is very easy for someone with root access to screw something up. At the same time if a person knows some about server management and is trying to learn how to fully manage their own server they are going to have trouble learning to do this without root. And then you have the people who know all of the basics of server management but are using managed servers for one of the many reasons listed above and just want to check on how their servers are being managed. Trusting your server management company is great and you should be able to trust them, but also having the ability to check to make sure things are being done correctly and nothing was accidentally missed is always a plus.

John

I can see both sides of this. If you are the person managing a server it is very easy for someone with root access to screw something up. At the same time if a person knows some about server management and is trying to learn how to fully manage their own server they are going to have trouble learning to do this without root. And then you have the people who know all of the basics of server management but are using managed servers for one of the many reasons listed above and just want to check on how their servers are being managed. Trusting your server management company is great and you should be able to trust them, but also having the ability to check to make sure things are being done correctly and nothing was accidentally missed is always a plus.

John


Its not black and white. The argument shouldn't be "Managed providers should provide root -vs- Managed providers should not provide root." There should be managed providers that cater to each group. You should choose a provider purely on your specific needs.

There are managed providers who will handle the basics (initial hardening and routine updates) for you, but generally not much else, and give you root access. You screw something up, because you want to learn by trial and error, they will charge you for it.

Then there are managed providers who will handle everything from A to Z for you. In this situation, you shouldn't have root because you shouldn't ever need it. That's what you're paying your provider for.

Neither situation is better than the other, on the whole. However, you have to judge each situation and determine which is best for you.

--Tina

The vendor will be in charge of server management, pro-active in monitoring all services...

Understood. However, the extent to which the VPS provider would proactively monitor all services varies, and people entrusting their VPS management to a third-party provider should find out exactly what the provider is doing. For example, are logs being checked daily? Is the process list being monitored? Or is it just regular software updates and emergency fixes that are covered? In many cases it will be only the latter and obviously that is not really adequate to properly manage a server.

with root access, they can do anything to destroy the server. So, why provide root access in fully managed case?

Because there is a demand for it and the costs associated with some servers being "destroyed" by the customer can be factored in to the VPS pricing so that the associated costs of such accidents are adequately covered.

I agree with AH-Tina. In fact, her company once managed a server we resold to a customer and it was awesome. She provided true "fully managed" service, which included *everything and anything* related to administration of the server.

Root was not allowed.

But more to the point, it was not *needed* since she was managing the server and took care of anything the customer needed. I recall several instances where she installed some scripts, tweaked cpanel, and even just gave some good advice to a few questions we had.

In my opinion, if a server is trully "fully managed", then root access should need be *needed* by the customer.