Out of curiosity: What do the web developers need to configure?
Kimmax 11486 3y
I wouldn't dare install one of these. The way they work you are pretty much rekt if one serious security problem arises, as most of them either do exec() here and there and, to make matters worse, run as root.
Doesn't happen? Just some weeks ago a bug in Webmin allowed running commands as root without logging in and a day later it was being exploited already.
Web devs shouldn't need access to the server directly. Maybe set up SFTP for them, locking them into the web root, or implement a clean CI/CD pipeline.
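The SFTP-only, locked-into-the-web-root setup suggested in the comment above can be checked mechanically; this is an added example, not part of the original thread. The group name `webdev`, the path `/var/www` and both sample configs are assumptions constructed for illustration, and only a plain `Match Group <name>` block is handled.

```python
# Added example, not from the thread: audit sshd_config for an SFTP-only chroot jail.
# Assumptions: group name "webdev", web root /var/www; both sample configs are constructed.
REQUIRED = {
    "forcecommand": "internal-sftp",  # SFTP subsystem only, no shell
    "allowtcpforwarding": "no",       # no tunnelling through the server
}

def match_blocks(text):
    """Map each Match line's criteria to its {keyword: value}; first value wins, as in sshd."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            current = blocks.setdefault(" ".join(value.lower().split()), {})
        elif current is not None:
            current.setdefault(key, value)
    return blocks

def audit_sftp_jail(text, group):
    """Return problems with the plain 'Match Group <group>' block; empty list means OK."""
    block = match_blocks(text).get(f"group {group}".lower())
    if block is None:
        return [f"no 'Match Group {group}' block"]
    problems = []
    if block.get("chrootdirectory", "none") == "none":
        problems.append("ChrootDirectory not set: user is not confined to the web root")
    for key, want in REQUIRED.items():
        got = block.get(key, "")
        if got.split()[:1] != [want]:
            problems.append(f"{key} should be {want!r}, found {got!r}")
    return problems

WEAK = """\
Match Group webdev
    AllowTcpForwarding no
"""
HARDENED = """\
Subsystem sftp internal-sftp
Match Group webdev
    ChrootDirectory /var/www
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""
for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
    print(name, audit_sftp_jail(cfg, "webdev"))
```

sshd additionally requires every component of the `ChrootDirectory` path to be root-owned and not writable by any other user or group, so uploads normally go into a subdirectory the developers own.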
Kimmax 11486 3y
(Also why is your mail server running in the same context as your web stuff? Cue: LXC containers)
C0D4 70634 3y
A dev *shouldn't* need direct access to production servers, everything in a production server(s) should be replicatable in another environment.
Your dev should change the way he works, not the other way around.
Even direct DB access I would question, hell I deleted a backdoor a dev wrote once to give him direct DB access - its security was a fucking email address. *mini rant - I'm good now*
There should be a process in place for migrations and CI/CD to some extent if not automated completely.
Database updates should be rolled out in advance if required, or at least not render the site useless during a migration period - again you don't need direct access to do this.
*shouldn't: unless under a major failure or investigating an issue that can't be reproduced, a dev has no reason to access production.
Source: I'm a dev, I have root access to all my environments, I never let myself or other devs log in directly without proving it's needed.