I have a managed VDS with a relatively new provider in Turkey.
Some weeks ago, I asked support in order to solve a permissions-related issue with a php script that was not working. This issue was related to a client's cPanel account.
After few hours, I received a SSH login alert, reporting an unknown IP access to my client account from Saudi Arabia.
I informed the provider and he replied "That's my friend, trying to solve the issue".
They also tried to run the script by assigning su privileges for solving the issue.
This mean that the provided passed my client's and root credentials to an unknown friend without informing me in advance and without asking my permission.
Later, I said to the provider that I'm disappointed for this kind of support and he was highly offended.
I understand the goodwill of the provider, but I immediately removed all my accounts from them.
Maybe I'm exceeding in considering this a serious security and support lack?
I have been exaggerated in loosing trust of this provider?
You did the right thing. The provider is most likely a one-man show. Not that there is anything wrong with that, of course. But giving access to a random friend (i.e. not a <hosting company> employee) is completely unacceptable without obtaining prior permission.
They should have asked you first, perhaps with something like this:
"I'm having a bit of difficulty solving this issue. I have a colleague who has extensive experience with these sorts of problems, but he is not a <hosting company> employee. I would like to ask your permission for him to take a look so we can get this issue sorted out as quickly as possible".
If the provider said, it's a temp consultant working remotely would this be a different story?
Tha provider said exactly "That's my friend, trying to solve the issue". I never heard about some company's consultants.
However, my opinion is that this don't exclude that the provider should have asked my permission, or at least informing me, before giving away my root and client's password . Instead, I discovered it casually.