Root or No Root - need opinions! - Knowledgebase

Portal Home > Knowledgebase > Articles Database > Root or No Root - need opinions!

Root or No Root - need opinions!

Posted by Tina J, 03-19-2006, 01:42 PM
I'd like to hear from both server providers and server customers. I would hope that this thread can refrain from becoming an opportunity for server companies to get in a quick advert, please. For managed servers, do you think that the end-user (customer) should get root access? Please include reasons why you feel that way. --Tina
Posted by zoid, 03-19-2006, 01:56 PM
I guess it would be hard to deny a customer root access to their server, after all it is theirs. However I would state that any problems which arise due to root usage are not covered by the managed service.
Posted by Tina J, 03-19-2006, 01:59 PM
Well, its their server...but that doesn't mean we have to allow them to do anything they want. After all, we don't allow IRC either. --Tina
Posted by domaindork, 03-19-2006, 02:02 PM
As an end user, I would never lease a server from a company who would not provide root access to that server. In my opinion, root access should be given. If the customer doesn't use it, so be it. The fact is that there are simply some things that are easier to do as the root user, and I want to be able to do those things without having to wait for support to answer my ticket.
Posted by Tina J, 03-19-2006, 02:04 PM
What kinds of things would you need to do via root? --Tina
Posted by zoid, 03-19-2006, 02:06 PM
Well, if I pay for a dedicated server I want to do anything I want - including IRC. If a service provider is taking my full money but only provides limited service I am simply choosing another.
Posted by Tina J, 03-19-2006, 02:09 PM
Okay, so you're actually looking for a specialty type service (not many allow IRC). I'm talking about general-type server management. --Tina
Posted by domaindork, 03-19-2006, 02:12 PM
What kinds of things? I might want to wget and then unpack something on the server, configure and install it. Install an rpm. Check the system logs, like for mail, if there was a problem. Upgrade packages my "managed" host doesn't cover under their definition of management, or do it faster than they do, since they have x servers to take care of and I have one. Run my own backup routine and then sftp those to another location. Check something under an account set up for a client, make corrections, and watch the logs, all at the same time. There are many more things I could would do as the root user than I ever would as a standard user shelled in.
Posted by AvailNetworks, 03-19-2006, 02:14 PM
I think it is nice to have root like the dork said just so you don't have to issue a support ticket if you want to do something yourself. personally I think I would not allow root access unless requested and have them agree to a waiver of damages they may cause
Posted by Tina J, 03-19-2006, 02:14 PM
Installing rpms, checking logs for a mail problem, etc. are things that I would expect a management company to handle...and handle quickly. To me, that is the definition of managed. I look at it like a managed server is pretty much exactly the same as a shared hosting account...except you get one big, giant hosting account on the server all by yourself. The host handles EVERYTHING related to the server. You just focus on your hosting account. Sounds like you're after more of a semi-managed situation. You want them to handle things like security, major problems, etc. - but you want to handle everything else? --Tina
Posted by grandad, 03-19-2006, 02:22 PM
Some people are always going to want to do some things themselves but with the fall-back of having someone available in a crisis. With "average" support I would always want root access but if you really are as good and efficient as your post suggests then possibly it wouldn't be necessary.
Posted by domaindork, 03-19-2006, 02:23 PM
I have a range of servers from unmanaged to managed, and need no handholding. My point is: I want root access to a server that I am leasing, period. If the company won't provide it, they don't get my business, no matter what their definition of "managed" is, since that definition varies from place to place. If one of my clients has a server where they don't have root access because the server is "managed", I find them a different provider. I don't expect that when I go lease a car that the person behind the desk won't let me have the keys and insists on driving me everywhere, and I don't expect not to have full access to a server I'm leasing. I may never use the access that I have. I want to know that it's available should I want or need it for whatever my reasons are.
Posted by Tina J, 03-19-2006, 02:28 PM
Yes, I get it. As I said, it sounds as if you're looking for more of what I would call a semi-managed situation. Which is fine - different people have different needs! --Tina
Posted by Real-Hosts, 03-19-2006, 02:29 PM
We don't give out root I think personally it's too much hassle if they did blow something up, sure you could cron job and email yourself the .bash_history ... but it's just a pain in the butt. So rather 'do things for them' as part of the management package, with pre-arranged additional prices etc.
Posted by domaindork, 03-19-2006, 02:35 PM
I'm not "looking" for anything. I'm answering the question you posed, which you apparently don't need to ask since you seem to have already formed your own answer, so why ask it? You may as well have posted a poll if you're going to disregard what people - a consumer, right here - are telling you: managed servers, root access, yes or no? It would have been just as effective.
Posted by DjMiX, 03-19-2006, 02:39 PM
I agree on that point. That's what we do.
Posted by Tina J, 03-19-2006, 06:04 PM
Chill, please. I was looking for OPINIONS...and you gave yours and I acknowledged your opinion and gave you a respectful reply. I'm not looking for an argument with you, not sure why you're looking for one with me. --Tina
Posted by Tina J, 03-19-2006, 06:07 PM
That's pretty much what we do too. Although, I'm finding more and more customers can be "sneaky" about things and SWEAR they haven't touched anything, when we know better. So, I guess even though we can prove we're right, it just opens up a whole can of worms when root is given. I see both sides and I think the solution might be to offer unmanaged, semi-managed and fully managed. But then, I wonder...what would a customer gain over semi-managed as opposed to just paying a one-off fee each time they needed some sort of server work done? --Tina
Posted by layer0, 03-19-2006, 06:16 PM
Tina, It depends entirely on your target market. Who will be using these servers? If it's hosts then I definitely see reason in providing them with root access, they will definitely want to offer reseller accounts now that they have a dedicated server. (it is rare that they will not) But, if you are just targetting people that have site which has grown large enough to need a dedicated server, then I would not offer root access and set them up a single shared account, or reseller. This why they won't have to worry about configuring anything - sometimes it is less intimidating when there is less access available. So, perhaps have it clearly listed on your site to recommend unmanaged / semi-managed to web hosts, but managed to others like I described above? HTH,
Posted by Tina J, 03-19-2006, 06:23 PM
Well, customers have reseller accounts on their servers without having root. That's not a big deal. Right now we just have managed or unmanaged - with root access given on a case by case basis to managed. Its starting to cause some headaches though. I do think that I've come to a conclusion that perhaps a semi-managed solution is in order. The obstacle I see with that is trying to hammer out a full list of what is and isn't covered. --Tina
Posted by mrzippy, 03-19-2006, 07:36 PM
If the server is trully "fully managed", in the truest sense of the word FULLY, then no root access should be allowed. (Or ever needed.)
Posted by Jame$, 03-19-2006, 08:18 PM
My opinion: Dedicated server needs root access available, whether the client uses it or not. Dedicated, means the whole server is dedicated to you, meaning you should have full control of it. Without root, you simply don't control it. It's good as a reseller account. In the case of CPanel for example, I presume the thread starter means yes root WHM, but with no SSH - when she said "no root". "Fully managed servers" - why the need to deny them root? What wrong with managing it but with root for the user?
Posted by Tina J, 03-19-2006, 08:43 PM
Actually, I meant no root privledges period. WHM root is still root. The customer has the power to REALLY screw up the server with root. Since we're providing server management at a set cost per month, it becomes a loss if we have to spend hours fixing things they broke. As I said earlier, we can always log their 'screwups' and tell them we're not fixing that for free...but how many threads have you come across here where the customer was clearly at fault, yet would not admit it. That's the danger I see here. Also, not all server admins manage servers in the same way. When you start having more than one person manage a server, things can go horribly wrong...configuration conflicts, etc. I honestly do see it from both points of view. I'm just trying to come up with a workable solution for both. We'll probably end up adding a semi-managed plan to our existing managed and unmanaged ones. I just see this as opening up the previously mentioned can of worms. --Tina
Posted by RayWomack, 03-19-2006, 08:53 PM
Client breakage" I think is what Tina is trying to grapple with, without distroying the bottom line. If you are a low-cost managed server provider, meaning you mark up your product by $20 or $30/month and call it managed, you could certainly market it as a managed solution without root access, and I don't think anybody would argue too much. If you provide a high-end managed server, meaning you mark up the machine $75-$125 or more, then certainly you can give the client root, and therefore justify the man hours involved in fixing "client breakage." I believe there is a market for the cookie cutter management service that is a cheap addon. However, let's face it, anybody's time that is any good in this business is $20-$30/hour, and you just can't have that $30/hour guy fixing things that client's break on some of these rock-bottom management plans. CONCLUSION: I have seen it done succssfully both ways.
Posted by Tina J, 03-19-2006, 09:44 PM
Yeah, the $30 markup per month works *very* well when the client doesn't have root. Trouble is, we're seeing more and more of those clients wanting full root. I don't understand that, when we're perfectly willing to handle all sorts of things (installs, adding resellers, etc.). If you want a fully managed server, then you should expect to have it fully managed and not need root in my opinion. We're flexible on that lately (given root access a few times lately) - but, if they screw something up...argh. I have absolutely no problem giving a $100 markup per month client root access, but those are actually the ones that never ask for it! --Tina
Posted by RayWomack, 03-19-2006, 10:04 PM
I see your point, clearly. It's the same as going to dinner at a fine resturant and wanting to get into the kitchen to fix a little side dish to go with the meal. Now, if you are the Mongolian Barbeque, you don't mind too much if your customers come right on up to the grill and slop the stuff around .
Posted by VanHost, 03-20-2006, 02:11 AM
Tina, In my honest opinion, this comes down to your ability to sell your service guarantee. Customer should feel comfortable that they don't need root access, because everything is taken care of - and it should be if they are paying for fully managed. In my personal opinion, a fully managed server should appear as one big reseller account (with the ability to create reseller accounts) that require no administration from the client. Basically, if a client doesn't feel comfortable not having root of a fully managed server they are saying that they don't feel comfortable with your ability to manage that system effectively. Make them comfortable and they'll have no need to have it.
Posted by grandad, 03-20-2006, 03:34 AM
It's a man thing!
Posted by Jame$, 03-20-2006, 04:03 AM
I think features such as adding resellers is something which would have to be implemented to the client end.. I'm still thinking in the WHM/CPanel mode, What would you do, give the client a huge reseller account? A "dedicated server" sold should have at least the ability to create resellers I would think. Clients screwing up their own servers is probably quite common with managed servers It's the reason they chose managed in the first place.
Posted by Tina J, 03-20-2006, 05:16 AM
Actually, that's contrary to what I'm hearing here. What I'm getting out of this thread is that some clients want root...period. I believe what we're seeing here is the need for the three different levels I talked about earlier - managed, semi-managed and unmanaged. --Tina
Posted by Tina J, 03-20-2006, 05:17 AM
Haha. You control the tv remote too, don't you? --Tina
Posted by VanHost, 03-20-2006, 05:26 AM
I agree that is what the thread would dictate. However, you must keep in mind that the thread is being dicated by people that want to do things with root access that should not be required of them if their box is fully managed to their requirements. The integrity of a server is only as good as the people that have access to it. Plain and simple. You wouldn't give car keys to a blind man would you? This of course is my opinion working with clients that are not a part of the WHT crowd. Our clients typically don't know the difference between FTP and POP, so they could care less whether or not they have this "so called root access". They care that their service is running according to their agreements with us. The WHT crowd tends to be a bit - shall we say funny - when it comes to controlling the hand that feeds them
Posted by darksoul, 03-20-2006, 11:09 AM
WHT has a lot of resellers thats why you'll see many ask for root. It really depends on your target market, we don't provide root under any circumstance we're not accepting resellers either so no control panels are installed on the servers. We have people asking for root access because they're used to, previous hosts not providing full service so they have to do stuff instead. But when we explain them how things work and they see that we really take care of servers they don't want it anymore even if we'd give it. If someone can't imagine hosting without root then we're most likely not fit for their needs and we're fine with that.
Posted by RayWomack, 03-20-2006, 12:05 PM
That's exactly right! I say if they want root let them have an unmanaged server and let some of these 3rd party management guys make some money too. You can't be all things to all people. Just pick a business plan and stick to it.
Posted by JohnCrowley, 03-20-2006, 02:17 PM
We offer fully managed servers and do not give out root access. However, we have setup sudo for things like viewing logs, watching top/mytop, restarting the webserver, etc... to allow those more adventurous clients who want to monitor / edit particular things. In all cases this has worked out well. Most of our clients do not want root access, and the few who did were happy with sudo to do the things they wanted without compromising the server or its stability. Per mark-up, if you do full management, then I say charge for it. A mark-up of $100-$400 per month is reasonable IMNSHO. - John C.
Posted by Karl Austin, 03-20-2006, 02:33 PM
Which is exactly what we do, we have fully managed, where we manage everything for the customer, they don't get root access, they get setup as a reseller with most privs. under WHM (if we provide CPanel for them). With semi-managed (or un-managed as we call it on our KDA brand), we make sure patches are applied (although we do use yum to apply them), we monitor the server etc. we'll install stuff if the client can't quite manage it themselves - but they do get root access. With our completely un-managed (under our value brand), you get what it says on the tin, an un-managed server, "Hello Sir, here's what you ask for, here are your login details, don't do anything against the TOS/AUP, have fun.". We tend to find it works very well that way. A lot of our customers who have root access have never used it, they've no interest. You tend to find that those who insist on "having root" just want to use it to poke around and feel like they have power - then they break something, insist they didn't do it, then tell you 4 hours later whilst you're pulling your hair out, "Well, actually, a friend told me to try this command, so I did and then the server stopped working".
Posted by pmabraham, 03-21-2006, 09:53 AM
Greetings Tina: We provide our dedicated and managed dedicated customers with root (administrator on Windows 200x) servers. While this can make proactive server management interesting, we believe that if a customer is renting an entire house, they deserve the keys to the house. Thank you.
Posted by empoweri, 03-21-2006, 10:54 AM
I think we (the entire hosting industry) should all agree to the terms and break down the industry into three categories: -dedicated -semi-managed -managed Dedicated should mean just that either you or someone else you hire helps maintain the server. (if at all :-) Full root access. The provider just maintains the hardware Semi-managed should mean you help with them taking care of the some or all of the server for them BUT they also have root access. You maintain the software, backups and hardware. You do not offer any guarantee on security or software because the customer can break the software. Managed Just like semi-managed you take care of the server for them, no different than a shared reseller account. They do NOT have root access and you offer guarantees with the software and security. Unfortunately I have seen other hosting providers call a dedicated server "managed". We do not offer root access to managed servers. If the customer does needs root for specific issues, sudo is for that purpose. This is no different than if this was within a company. Programmers/web developers do NOT make good sysadmins and a good sysadmin working for a company does not give out root to other employees who just ask for it. That is always asking for trouble if it's your job (or hired) to keep the server secure, stable and running 24/7. Anyone who's asking for root should be then placed ona semi-managed server which then offer no guarantees.
Posted by Tina J, 03-21-2006, 10:57 AM
I completely agree with you, Larry. --Tina
Posted by empoweri, 03-21-2006, 11:11 AM
If you do this then why pay for managed hosting??? Seems kinda silly to pay managed hosting fees when dedicated or semi-managed would be fine for you. The provider should be doing this for you and doing it better than you. For example, just because you can install an rpm doesn't mean you know the issues after it's installed can cause like: - Is the software the latest version - does the rpm you install have a security risk? - did you force an install breaking another rpm package - if you upgrade an RPM does it break other software on the server - What if your site had to be installed on another server because your server failed? this rpm is not installed and your site is not working. If you asked the provider to do it they should have a record of this and/or installed the rpm on all other servers. We actually have systems in place to distribute rpms through ALL of our servers and makes just as easy to install an rpm on one machine as all. I can only imagine if we gave root access to all customers who don't even bother to upgrade their web site scripts (cough phpbb, cough formmail, cough gallery) They can't even keep their own scripts secure, I can only imagine what they would do with a "managed" server.
Posted by whmcsguru, 03-21-2006, 01:04 PM
There is no reason not to allow them root access, really, as long as they accept a blanket "If we get it working, and you break it, it's your responsibility to fix it again" statement. Honestly, I can see both sides to this one: Side A: Customer has root access Customer completely destroys server without thinking about things Customer calls management company to deal with it Customer complains when informed that management company is not going to spend 500 hours working on a server that customer screwed up in the first place for free Side B: Management company denies root access Customer must request any minor change made to the system through the management company Customer must wait hours (sometimes even days) for management company to do their jobs and fix httpd.conf. Customer realizes this didn't fix the problem, so again, has to wait for management company to make another change It's a vicious cycle, and thankfully, in most cases it's not THAT bad, but it can get incredibly so. In the end, your customer is paying for a dedicated server, so there's no reason they shouldn't be allowed root access, after agreeing to the above statement of "If you break it, after we fix it, it's your fault, don't come crying to us to fix it"
Posted by Tina J, 03-21-2006, 01:09 PM
The moral of the story is there are bad management companies and bad customers...somehow we have to figure out a middle ground to protect both sides! --Tina
Posted by empoweri, 03-21-2006, 01:13 PM
Yes a managed server is a dedicated server to that customer but managed hosting is != a dedicated server in terms of service. If a managed provider takes days to fix an issue then you should switch managed providers. Again, if going managed what's the point if you want root access?? It's then not managed and is either dedicated or semi-managed.
Posted by whmcsguru, 03-21-2006, 01:21 PM
For any number of reasons, really, many posted above. As well, most management companies will charge you extra once you've hit a number of hours/incidents. Why should you have to pay them to do something you can do yourself. By not providing root password to the server, the provider is stating that they will have problems fixed in a timely fashion. Now, I know Tina and crew do this , but it's still a huge problem to post a ticket, wait 1/2 hour - 5 hours for a response, post another ticket, wait 1/2 hour to 5 hours for another response, when you can easily solve the problem yourself (usually).
Posted by domaindork, 03-21-2006, 04:59 PM
Calling customers silly must be the new way of getting business. Maybe it's never occurred to you that at times, the only way to get a server in the place you want, with providers you want, at costs that you can pay, or that the client dictates, are with "managed" providers. "Should" being the operative word. I don't want to wait around for a "managed" provider to get around to updating something like ImageMagick when I can do that myself. And I don't want to hang around waiting for an answer to my ticket, which could take hours, then have them ask for more information, then answer, ahve to wait around again, etc. In all that time, I could have done what needs to be done on my own. Please. If I'm installing my own rpms, I can give the reasons I'm doing it and know the associated risks and effects on other packages. Just reading through this forum right here you can pick off dozens of "managed" providers who don't know squat about much of anything. Not everyone who has a dedicated server or servers is a complete idiot. One might apply the same statements you're making about customers to you. Why would I be installing it otherwise? This is nonsensical. Common sense would dictate that if I'm upgrading something on the server that I'm doing so for one of many reasons, one of which may very well be security issues with the old version. How many hosts here have upgraded ImageMagick, just to use an example? Are they aware of the issues with older versions? Do they subscribe to bugtraq? The answers are probably very few, no, and no. If you're asking me if a new rpm has any security issues when it's just been released - well, I'll just ask you the same thing. How do you know that brand new rpm you're installing for a customer has no security issues? Unless you have ESP, this is also nonsensical. And you can tell us all how someone would know that another package would break because of the install of a new package before actually installing it. Because no customer ever knows what their own site requires, especially if they've gone to the trouble of getting an entire server just for that site. Don't be ridiculous. If something doesn't work after a move, you fix it. And I guarantee you that very few hosts around here track what is installed on a dedicated server someone is leasing. Most of them probably don't even keep track of what's installed on their shared servers. How nice for you, but completely irrelevant. Contempt for customers, including those who may very well be clueful enough to do all the same "managed" things you do. What a fantastic attitude.
Posted by empoweri, 03-21-2006, 05:37 PM
I'm calling you silly???? Please.. Based upon your comments on this thread alone you must a joy of a customer to work with since you seem to be right all of the time. I find it very hard to believe that if you are with a true managed provider you are getting a better deal than with some dedicated provider. On top of that you can only get with a managed provider at the data center you want. Very few providers (ie rackspace) have that type of setup and co-locate at the same data centers. If the client dictates they want to be with X provider because they like their service, and paying for the managed hosting, why should you get involved with management of the server? That makes no sense. Let the hosting company do their job. Ah we DO subscribe to bugtak, we've upgraded already. Again if you are paying for true managed service then this SHOULD be part of the service. I'm not talking about companies who falsely advertise they are managed, when they are not. That is another subject altogether. Asking questions about monitoring bugtrak are great questions a customer should ask a managed vendor. Experience and testing/staging servers, that's how. We do. You can also state most hosting providers don't know when their servers fail. and your point is...? Contempt? Again...please. You obviously haven't dealt much with customer security issues. We have web sites compromised all the time because customers haven't upgraded their scripts. Nothing to do with our server software. Quite frankly we don't target wantabe sysadmins we target business and web developers who don't have the time nor expertese to manage their server properly and they know it.
Posted by Coolraul, 03-22-2006, 02:06 AM
Let me try. I am an IT professional. Have been one for 17+ years. I care more about my systems than anyone else does. While it would work for some, I would not accept a dedicated server without root access even if "fully managed". I want the ability to check up on the company that is doing the work and satisfy myself that I am not being hacked because of luck but because they are actually keeping things up to date. I also want the abilty to do what I will (within TOS limits) on my server or I wouldn't get a server but would just get a shared hosting account. It really is a matter of control that for me and while I am not the strongest with this application or that technology, if it affects my systems, I will find the answer while a management company may say "sorry custom script. Someone else does know more about any technology out there than I do but when it comes to my systems, I want to be able to jump in and figure it out or pay for a specialist or whatever if needed. So to answer your question, no I would not subscribe to any dedicated server plan without root access. As an aside, would your management plan support ANY custom script hypothetically? Meaning, if I get my son to write some software will you stay with the installation of it if I ask you to even if it doesn't seem to work?
Posted by darksoul, 03-22-2006, 03:32 AM
You do not need root access for custom scripts, do you ? If that custom script needs some special libs installed the hoster should do it for you. In case its managed. What some of you people can't realize is that same way you chose your hosters managed or unmanaged, the hosting companies have the right, and some do so, to chose their customers. Like I said in a previous post, its fine that you want root access and there are many that will offer you that. There are some that wont so don't signup with those. Simple as that. Related to the bugtraq thing, I hate to break it to you but bugtraq its unrealiable for years now.
Posted by empoweri, 03-22-2006, 12:03 PM
Yes they are slow to release bug info, but it's better than nothing. You gotta use multiple sources to really keep up to date. The vendor's web site (mailing list if they have one), RSS feeds, etc. You can get a little batty tring to keep up with it all. ;-) I wish there was one source to really get all of this info, especially just via one RSS feed and only the software I care about. Freshmeat.net has some notications but that's only for open source software.
Posted by efarmer, 03-22-2006, 01:12 PM
As a provider (solution provider, not a dedicated server provider): I will NOT give root access if it is a fully managed server. If client wants root access then we will not manage the server, however we will help with or without charge depends on each situation. As an enduser of a managed server: I do not want root access to the server, hey I paid you already..... do everything that need root access or else I will not give you my business.
Posted by sirius, 03-22-2006, 04:12 PM
No, you really don't.... read PSFServer's post again.... Do exactly that... if you're out there to be all things to all people, then there is a good chance you are going to fail (and get screwed in the process). For managed hosting customers, they do not get root or administrator level access unless it is absolutely required by an application (the only specific exception I have ever made is on some exchange servers) Sirius Last edited by sirius; 03-22-2006 at 04:19 PM.
Posted by Cyrus255, 03-22-2006, 05:16 PM
Uhhh. this thread is a no-brainer. Root.
Posted by DLee, 03-22-2006, 05:24 PM
I don't think this is a no brainer at all. I think the posts in this thread have been very helpful in developing a definitive image for what managed really is. Check between post number 2 and your post... you might find something interesting.
Posted by Cyrus255, 03-22-2006, 05:38 PM
I suppose me being the customer I have my selfish reasons.... And unless webhosting companies want to lose their business they're just going to have to "give it up" to us customers.
Posted by DLee, 03-22-2006, 05:51 PM
I think the point that some are trying to make is that it is not their business, nor is it even considered "managed" business to give root by default. So they wouldn't be losing business when that's not they way they are doing business in the first place. Most here are holding strong to their original business plan, be it involving the release of root to the client or not. I wouldn't consider the ones that aren't offering root missing out on a chance to attract more clients. Pizza every Friday would attract more clients, but they aren't missing out by not offering pizza.
Posted by domaindork, 03-22-2006, 08:50 PM
Seems kind of silly to pay..." Yes, you're calling someone silly, just because you can't seem to understand a point, which obviously has to be made again below since your reading comprehension ranks right up there with your manners. You're welcome to point out anywhere where I've said anything about being right all the time. There is a vast difference between holding an opinion and believing - as you quite obviously do - that everyone else must be wrong because they do not subscribe to the same opinion. Tina asked for an opinion on a question she clearly had already decided in her mind. I stated mine, with the reasons behind it. Dont like it? Don't read my posts. Naturally, if you can't believe something, it obviously musn't be true. Not only can you not properly read, you read things in that I never said. Where exactly did I say that the client wants X provider because they want to pay for managed hosting? You need to learn the difference between "client says they must be at X datacenter, no matter what, and no matter what provider that needs to be with" and "client says they want to pay for managed hosting because they like the service at X". I couldn't care less what you do. I was asking a general, nonspecific question about the majority of hosts here, many of whom claim to offer "managed" services. The point, for those too arrogant to see past their own noses, is that far too many hosts who claim to provide "managed" services don't know their *** from a hole in the ground. When I want to know what you do, I'll be sure to ask you in an appropriate forum. This is not that forum. Until then, stop inserting shills for yourself. Oh, excuse me. Of course. I've never dealt with a client's terribly out of date application. I've never dealt with a compromised or defaced site courtesy of some l33t kiddie. We all bow down to your technological superiority, as obviously none of us could ever hope to have even a modicum of the experience that you have, o wise one. Grow up. This is exactly the contempt I was talking about. You don't know jack all about me, what I do, or the experience I have. The only thing you're doing - as far as I'm concerned - is making enough of an *** of yourself that if any client ever harbors any atom-sized thought about using your sevices, it will be simple enough to point them to this thread and show them exactly what you think about anyone who isn't you. Who cares who you target? This isn't your personal advertising forum.
Posted by domaindork, 03-22-2006, 08:52 PM
They wouldn't be losing business by missing an opportunity to sell to a customer who would have purchased their service if they gave root access? That's a new one.
Posted by Annette, 03-22-2006, 09:34 PM
Folks, please. Please try to keep it on topic. PSF, please edit that response. It's uncalled for, no matter what is happening here. domaindork, Larry, if you two want to duke it out, please take it to email or PMs. You both have gotten off track and you're acting like immature children. If you'd like to civilly address the topic at hand, please do so. I'll remind you that the topic is " Root or No Root - need opinions!" and that it is possible to state your opinions without getting personal or casting aspersions on others' abilities. Thanks.
Posted by empoweri, 03-22-2006, 09:36 PM
It's targeting your market, business 101. NOT being everything to everyone. I have turned away many customers because it's not the right fit. All good business owners do this and many other business in this thread also do this.
Posted by anon-e-mouse, 03-22-2006, 09:51 PM
Back to our regularly scheduled program. Thread cleaned somewhat.
Posted by Tina J, 03-22-2006, 09:53 PM
whew* Thank you! --Tina
Posted by empoweri, 03-22-2006, 10:03 PM
Regardless of the fighting... I think we actually did learn something from this thread. - Some customers are not the right fit for managed hosting AND/OR - Offer another tier of service called semi-managed,
Posted by Annette, 03-22-2006, 10:05 PM
Actually, I think what he meant (and corect me if I'm wrong here) is that this can be viewed as a loss of business because you're not receiving monies you would have if you offered root access. Personally, I'd term it limiting the scope of product offerings and that would be well within anyone's business planning. Now, if the customer left because they asked for root and couldn't get it, that would be a loss, strictly speaking.
Posted by Tina J, 03-22-2006, 10:08 PM
Yes, exactly. On a side note...HI ANNETTE!!! Long time, no chat! Glad to see you stopping by to participate in my thread. --Tina
Posted by empoweri, 03-22-2006, 10:17 PM
Yes ideally it should be a question that should be asked (by either the client or the vendor) before signing up, not after. Then you won't have the problems discussed in this thread :-)
Posted by Annette, 03-22-2006, 10:31 PM
Hi there. Been an interesting year for me, so it's been awhile since I stopped in. In an ideal world, clients would ask questions that cover all of their needs and all vendors would disclose everything up front. For those of you who do not grant root access as part of your server packages, I would suggest clearly detailing that point. The omission of a statement that you do not provide root access will be taken as an affirmative by the client (i.e., that you do provide root access).
Posted by CD Burnt, 03-22-2006, 11:56 PM
welcome back to active posting. I suppose root access would allow a change of server providers without asking permission . Last edited by CD Burnt; 03-22-2006 at 11:59 PM.
Posted by HNLV, 03-23-2006, 07:39 AM
Its fine for the client to have root access. If a client messes up something in the root, and asks the management team to resolve the issue, they should help the client, even if its the client's fault. The client is paying $75/mo (or whatever the costs might be) for management. And for that kind of money every month, I would expect the management team to get the server back online even if the server is burnt. Now see, if a client is doing this just to piss you guys off, thats a whole different story and I highly doubt something like that will happen, but MOST of the times, the client probally made the mistake innocently.
Posted by Tina J, 03-23-2006, 11:41 AM
For $75 a month, you think the management company should fix anything?!? That would be an absolute terrible business plan and the host would quickly go out of business. I would be willing to fix anything (and even then there would probably be some limitations as to how many times we'd fix it) and give a client root for no less than $400 a month. --Tina
Posted by DLee, 03-23-2006, 12:21 PM
You missed Anantha's point, and we are beginning to veer off topic again. I don't think Anantha was interested in the price (hence those parenthesis), his case was that if a client is paying for managed then they should take care of all issues regardless of who's fault it is or how severe the damage may be. How many times a business is willing to correct an issue due to user error involving root is a good point, though. If one offers root, then should one offer support for root user-error issues? If the line for root is not drawn, where is it drawn for support? How many times is a user eligible to cross it? DLee
Posted by empoweri, 03-23-2006, 12:53 PM
I also agree with Tina but it does come down the $$$ per month charged (doesn't it always :-) ) For fully managed hosting that includes: - nightly backups (with say monthly rentention) - server monitoring (services and logs) - installed software and patch management (including kernel) - 4 hour response time for support - server hardening - 1 hour of month of general sysadmin work (Say that root access is needed for) Which we charge over $100/mo for thoses services. Even $75.00/month for all of above services is still peanuts (at least the real world outside of WHT). Management of a server does take work and time, each month, regardless if customer contacts support or not. So I'm not sure how expecting to fix anything a customer breaks is a realisitic expectation. For semi-managed it comes down to: - limit of hours per month of server support. - the customer waives any SLAs concerning uptime with software, security and services With any corporation/web developer we deal with want the fully managed services without root access because it does unfortunately come down to the "blame game". If the server has a problem they can only blame us. How can a customer who has root rightfully blame the vendor? It becomes a matter of your word over theirs. Sigh, it sounds like resellers here (WHT) want the best of both worlds without really understanding the work involved or the rates that should be charged. To clarify this post and other previous post on this thread: My point is NOT to advertise our services and rates. I can only speak for our services and can only give examples on what WE do. I cannot speak for others. :-) Last edited by empoweri; 03-23-2006 at 12:57 PM.
Posted by efarmer, 03-23-2006, 01:01 PM
My personal observation: When a party is willing to pay a decent amount for server management, that party usually do not need root access and their time is too precious to play around on the server, they will use those little precious time to do what they do best.....run their business. When a party insists on root access and only willing to pay so little for a managed server, this party has all the time in the world to create havoc on the server.......not intentionally but due to trial and error or learning to do things. To allow root access or not depends very much on the provider's business plan. To me to allow or not is not important, some will need and some do not. You need to be flexible enough to cater for both side. Of course I think one will be silly enough to charge say $25/month for full management and allow root access.....on the other hand this is also the choice of those providers. The most important point I think is that the buyer must be aware of having or not having root access before they subscribe to your plan/service.
Posted by JohnCrowley, 03-23-2006, 02:03 PM
Here are some reasons why we do not offer root access as a managed server provider: - We have many custom scripts/processes that are "root viewable" only that are used to maintain security, logging, etc... Although "obfuscated", we do not want clients viewing these scripts, as the potential exists for theses scripts to be exploited based on reverse engineering, willfully or accidentally, and exposes more than we want in terms of security by obscurity (a valid technqiue when used appropriately). - Although we keep all server software updated and patched, many times a new version or what is considered an "exploit" is not applicable to the software currently running on the server. Clients with root access are often not as "keyed in" to these nuances, and start thinking software is exploitable, their servers are insecure, etc... when in fact they are completely secure. - With root access, a client can accidentally open up more security holes that we would have no idea were opened. This can lead to breaches/issues that are beyond our control, and makes it difficult to repair. - Giving a client the root password means we no longer have control over that password. How many clients put their password on their desktop and email them around? With root, a simple php script injection attack becomes a full root exploit with root passwords. We cater to businesses, not personal hosting, so most of our clients do not want root anyway. If they really need root, we offer sudo as an alternative for specific functions, and will give root out in special cases, but as a general rule, keeping the client away from root protects them more than us. - John C.
Posted by Tina J, 03-23-2006, 02:24 PM
Yes, this is true in our case as well. This is EXACTLY and probably the BIGGEST thing that takes up time that shouldn't. We have spent a countless amount of time explaining to the customer that "no, we got that covered...its not a problem"...only to have them come back and say "I read on WHT that this needs to be fixed"....and so on. My admin actually gets invited all over the world to speak at network security conferences....and just spent time in Miami teaching a week-long $5000 per student class. But, when a client with a copy of Linux for dummies is particular there's a problem...we have to investigate and then write a tutorial on why its not a problem. Since we provide $30 a month server management (our niche right now), it just isn't cost-effective. I'm trying to come up with a solution that will work for both customer and us. This thread has given me alot of good ideas - especially the 3 levels of servers (managed/unmanaged/semi-managed). Exactly. You said everything that I wanted to, but better. --Tina
Posted by dkitchen, 03-25-2006, 12:12 PM
We only give out root access to managed servers on very rare occasions, and only where the customer seems to know what they're doing. I got sick and tired of mixing customer access with managed services. Unfortunately from experience, people with "managed" servers use them to experiment and learn server administration, break things, and then exploit support to have what they broke repaired. Not to mention the security holes they open up by playing with settings. In the unlikely event that we give root access, if any extra work is required to repair what the customer has done it's also charged as administration time rather than being covered under the managed policy. Dan
Posted by Tina J, 03-25-2006, 12:13 PM
Have you had to enforce this policy? The problem I see is that the customer doesn't believe that what he did broke the server. --Tina
Posted by dkitchen, 03-25-2006, 08:30 PM
Yes, because we don't fix it until they've agreed to be invoiced for admin time. Dan
Posted by Tina J, 03-26-2006, 01:31 PM
I would be afraid of that leading to a chargeback situation. --Tina
Posted by s444, 03-27-2006, 06:58 PM
Well if a customer needs to ask this question then NO they should not have root access.
Posted by Luxore, 03-28-2006, 11:45 PM
We do not give root access. Part of what people pay us for is to protect them from others, and part is for protecting them from themselves
Posted by dkitchen, 03-30-2006, 05:15 PM
You never heard of a debt collection agency / court hearing This is my method for recovering capital from people who owe us it and chargeback / don't pay up - and it works very well. Because we pass it on to a third party company too it takes none of my time either, and the person usually gets ordered to pay our recovery prices alongside how much they owe if it does go to court. Dan
Posted by Karl Austin, 03-31-2006, 05:12 AM
Same route we take, we decided a while back now, that all customers 3 months past due would be handed over to debt collectors - Saves a lot of hassle, we have a small amount of prices to pay, they have the larger proportion of prices - If we get the vast majority of our money, then we've come out on top.
Posted by brianoz, 04-01-2006, 11:49 AM
I'm with you on this Tina, and Larry as others. Speaking as a unix admin of 25 years, some of the customers here are positively dangerous. There's no way you can guarantee a server will continue to function with someone with zero understanding playing around with it, and so root access will cost you more in maintenance, which then needs to be reflected in price. Despite my experience, I'd be quite happy NOT to have root access if I was working with a responsive management company. Especially since I could then assume that I was getting a higher reliability. My experience in general with this over the years is that the people who insist on root access are generally the liabilities that one should NOT give root access to, and the ones who DON'T want it are the ones who it is safe to give it to. Not wanting root access demonstrates a degree of responsibility and maturity in most cases. Of course, here some customers only want assistance with management. I actually get some assistance myself, and it works really well for me - I don't have the time to run my company as well as to do the necessary study to keep my servers current and stable. I do the admin over and above that maintenance, so for me a hybrid works well, others needs may vary.
Posted by disciple1, 04-07-2006, 10:58 AM
I am a customer who knows little to nothing about server administration. I have root access to my server and I also employ a third party resource to take care of my server. I am not one who starts dabbling and trying to do things but there are particular things I can do and don't feel like I should have to wait on a ticket to get them done. I also work with my 3rd party admins to learn how to do things with my server. I don't think I have ever tried anything on my own without running it by them first to ensure it was correct or feasible. But I understand that not everyone is like that. It is my server as long as I am paying for it and I would expect to have access to any portion of it I want. Just my $.02. Rick
Posted by aLeX_1, 04-10-2006, 09:07 PM
My opinion as a customer is: Since i didn't chose a "managed plan" i MUST have root access, the reasons are stated in most of the above posts, plus i'd like to mention that there are also timezone differences and NOT all companies offer 24/7 Support so root access might SAVE my whole buisness. Or think of it... Your server might not start apache correctly after a power down in the dc... then what? Who is gonna wait for the ticket so that apache is up again? What about someone who has over 25 sites on his server? He will loose all his clients right ? Anyway my opinion is clear, since u pay for a NON managed server yes you should have FULL ROOT ACCESS.
Posted by efarmer, 04-10-2006, 09:27 PM
When you have the "correctly full managed" server, the provider will do everything to keep the server up for its purpose. Example if it is fully managed H-Sphere server for web-hosting, the provider will do everything pertaining to the running and security of the server, you just use H-Sphere to manage your plans and clients. A smart and successful businessman delegates tasks and pays small money to make big money. Why be cents wise and dollar foolish. Last edited by efarmer; 04-10-2006 at 09:31 PM.
Posted by aLeX_1, 04-10-2006, 11:04 PM
Sure but the topic's title is Root or no Root so i just replied with my opinion if someone chooses a fully managed server then he shouldnt have root acc or he could have a more privilleged account just to see logs etc
Posted by lelahosting, 04-11-2006, 02:34 AM
all of our servers are fully managed and we do give root access. most never use it but if they need t for whatever reason they have it. AvailNetworks, that should be in the managed providers TOS and not a seperate agreement.
Posted by brianoz, 04-11-2006, 09:58 AM
It's a hard call. Some people destroy or damage their servers when given root. Based on the grammar of some people posting here, no way would I give them root if I was managing the box. The rule of thumb I used to use when administering big commercial Ux sites in the 90s was, if they ask for it, no way should they get it. If they don't ask for it, then they can probably be trusted with it if they need it. Funny how often that worked out to be exactly correct. I guess there's something there about having enough wisdom to know you shouldn't go there meaning you have enough wisdom to be trusted to go there. Despite 20 years Unix admin, I have someone good do some of my admin and security updates. I don't meddle with the stuff they put in, in general. For me it's a smart business decision - I don't have the 2-3 weeks to read and study and test and get it right, they do, and they do a great job. I guess this is another middle-of-the-road approach between managed and unmanaged.
Posted by pergesu, 04-11-2006, 10:06 AM
I think it's pretty simple - you give out root if you want to, and don't if you don't. When people rent a dedicated server, they're renting a service, not a piece of hardware. It's not like they own the machine or anything. You're under no obligation to give them full control over it. If you have clients that leave or throw a fit because they don't get root, so be it. It's up to you to determine what kind of service you want to provide and what kind of clients to cater to.
Posted by empoweri, 04-11-2006, 04:38 PM
The thing I found interesting in this thread is some people stated they DO OWN the server?!? and should be able to do what they wish with it? huh? Try claming it as a deduction on your business taxes. Unless you own the server and co-locate it yourself, it certainly is NOT your server. you must adhear to the TOS and AUP the provider offers. This includes them restricting root access to managed servers. It's up to the provider if they do offer root access for managed hosting. We don't. If you don't like that option, there are other providers that do offer it. They might be better suited for what your needs are and a better target for your market. Like pergesu said it's a service, a black box, that you'll mostly likely never see or touch. Be it dedicated, semi-managed or managed it's still a service. It just depends upon how much work the provider is doing for you. Cheers. Last edited by empoweri; 04-11-2006 at 04:42 PM.
Posted by Jay Suds, 04-12-2006, 05:01 PM
We give all clients root/admin access to our dedicated servers. We tell our fully managed clients that if they screw something up and need us to fix it, it will cost them extra. We make it clear that the reason they have a fully managed server is so that we can handle their server management tasks, and make sure that things are done properly the first time around. Doing something right the first time takes a lot less time than having to figure out what the customer screwed up, and then doing it right after fixing whatever the customer broke. Our customers also agree to this in their contract with us; if they cause harm to the server we reserve the right to charge extra to fix it, at ridiculous hourly fees. Practically speaking, we rarely have to charge someone for screwing up their own server. We probably have 1-2 'server harm' related charges per year, and they are only assessed after repeatedly giving the customer the song and dance about not doing this or that, and having them do it over and over again. We are also fairly lenient about things are easy to fix; as in things that do not require senior staff time in order to resolve. With our semi-managed and un-managed customers, the line is much more clear as those customers are paying considerably less than our fully managed customers. The policy with those customers is you break it, you buy it.
Posted by h4wk, 04-12-2006, 06:53 PM
i loving having root. but i understand the host's point of view. like most people i don't mess with things i don't know about. i just ask the host for help.
Posted by Zenutech, 04-12-2006, 07:33 PM
In my opinion Tina, I think a fully managed server should not come with root access. In the case that root access should be provided for whatever reason, I would recommend doing it a way that allows you to log the shell actions. For example, you might have a control panel with a JAVA Application running on server A, giving them root access to server B. Then you can log everything in server A, in case they break something. It also provides you with the material that you will need if you need to fix something and justify that they trully broke something. The .bash_history file may not be enough, which is why I introduce this Java APP.
Posted by edifice, 04-12-2006, 11:05 PM
In my opinion, it matters as per the definition of what you mean by offering Managed hosting solution. Would you take care of everything on the server, or you will manage everything that will ensure maximum availability of resources? The end users should be given limited sudo access and they must be told in advance about their limited access to the server. Some customers are very technical and they just need root account to be able to do anything on the server. In such cases, you may not want to offer 100% managed solution for the server or you may want to include a point in your SLA agreement to avoid any confusion arising out of customer's activity on the server.
Posted by reiteration, 04-16-2006, 04:58 PM
Managed = Absolutly not Its a fully managed server and will/should be backed up with SLA's Giving root means you cannot keep these SLA's Semi-managed = If they want it Semi-managed deals with OS management ONLY. If they bugger it up you offer a rebuild. John
Posted by Tina J, 04-18-2006, 06:00 AM
Well, it finally happened...and I'm steamed. Someone placed an order for a managed server and we delivered it to her. She then started demanding loads of access (including root and some other features that would directly conflict with our configurations). When I told her managed servers don't come with that sort of access, but I could hand it over to her as unmanaged at a discount, she asked to cancel and refund. Since we don't have a refund policy on partial months for dedicated servers, I told her that we'd issue a pro-rated refund the second the server sold again, which I told her would probably be within a few days. She cancelled and did a chargeback. In over 5 years I have never had a chargeback on my Paypal account...and now this. Its not the money so much as it is the fact that people seem to think they can issue a chargeback on vendors just because they changed their mind...or didn't do proper research ahead of time. Oh...and she was told before the order that we didn't give out root, but I was actually willing to work out some sort of arrangement with her on that too! I'm so angry. --Tina
Posted by Zenutech, 04-18-2006, 06:13 AM
Wow that sucks. I'm surprised that she did a chargeback on a premium service. (Usually high-end customers are no problem in my experience)
Posted by Karl Austin, 04-18-2006, 06:15 AM
Did you have a signed contract Tina? If so, then find a good debt collectors and hand it over to them - Sure it may cost 100% of what you get back, to get back your money, but at least it'll point out to people that you are not to be taken advantage of. We send all amounts to debt collectors now, there are far too many people willing to take you for a ride if you don't take a firm stance.
Posted by dkitchen, 04-18-2006, 06:15 AM
I've now moved on to paper based contracts for dedicated servers which I required signed / faxed back because I'm sick of chargebacks... We really need to start doing things to defend ourselves here in the hosting industry. With a paper based contract & debt collection agency, it 's dead easy to recover what the customer owes you, and have them pay all your legal prices also. Dan
Posted by Tina J, 04-18-2006, 06:18 AM
I agree. However, this is probably one of the most whiniest, demanding customers I've ever had the displeasure of dealing with...I almost saw it coming. Example, at 11 am I told her we were working on hammering out a plan that would hopefully give her the access she wanted as well as covering our butts, and I would contact her later that day (also offered the pro-rated refund). By 3 pm she cancelled and issued a chargeback because, in her words, "I never heard anything back from you". Signed contract...nope. The reason is because we do things month to month and there's no real reason to bother with it. My biggest concern has always been fraud, which we are able to 100% prevent by doing proper fraud screening. Seriously, I don't see myself persuing it with collections, although that is an interesting idea and I might just look into it. Who do you use for collections? --Tina Last edited by Tina J; 04-18-2006 at 06:26 AM.
Posted by reiteration, 04-18-2006, 06:49 AM
Thats quite bad of them. We only accept the setup fee on cards, after that all clients pay quarterly in-advance by transfer. Any business worth anything will be fine with this. John
Posted by Tina J, 04-18-2006, 08:52 AM
If I had to request all payments made by transfer, I would get out of the business. That seems like a clunky way to accept payments. I don't have that kind of time. --Tina
Posted by mrzippy, 04-18-2006, 10:40 AM
I'm not sure I see what month-to-month is not a good reason for a contract? We also require a signed contract... even for month-to-month. The contract basically says that the contract will renew every month unless they follow the cancellation process. It also spells out what is and is not included in the service. (ie: That root is not provided, etc.) We require such a contract for any service we provide that is valued over $150/month. We've never had a customer complain about it or even mention anything about it. Most customers seem to expect this kind of thing, since these days you can't even buy a cell phone without signing something... so why would a server or web hosting be any different?
Posted by SDC-Eric, 04-18-2006, 10:42 AM
It kind of depends on your target market(for root, and for wire transfers ). If we didn't offer root with our servers we might as well pack up. Of course, there is a huge difference between b2b, and c2b
Posted by Tina J, 04-18-2006, 10:42 AM
Because, in my mind, a fully managed server is nothing more than a big ol' reseller account. We don't require contracts for hosting accounts, so it doesn't seem worth it to require a signed contract for servers. In all my years of doing this, I have never once been bitten by a chargeback on a dedicated server. Other than sending someone to collections, which I'm not sure I'm even going to bother with, I don't see what a signed contract could protect me from. That said, its not a bad idea at all. --Tina
Posted by efarmer, 04-18-2006, 11:18 AM
Any debt collectors doing International collection? Signed contract is a good idea.
Posted by borghunn, 04-18-2006, 12:29 PM
I don't think requesting a signed contract would help you. I think you will loose clients, because they might think you have problems, or they will feel ofended because you don't trust them. If you have a good business, let it stay the way it is. This things are happening all the time because this is the way sistem works. There are bad merchandisers, and there are roules to protect clients against them. Sometimes clients abuse this roules, but this is happening usualy in the first mounth, when clients are testing the limmits.
Posted by mywebserver109, 04-21-2006, 04:23 AM
it's always a bad idea to give people root access. not that most people have evil intentions, just lots of oops can mess a server up.