potential security concern with non-root level account
Posted on 2006-07-13
I'm assigning a lot of points (I think) in hopes that I can distribute the points according to the number of answers I get. I hope that's not considered lame.
Recently as a systems admin I was asked to create a non-root level access account on a web server. The environment is two web servers with one of those servers also providing the staging environment. This was put into place before my time and I've fought ever since to get the client to acquire a staging server on separate hardware. Also, there is only port 22 access open to the environment from the client's IP and our IP. Also, obviously port 80 is open to the world.
The question, or the debate, is whether creating a non-root level account for the client on one of the web servers is a security risk worth worrying about. The account would have ssh access to the box and be able to make changes to the directory structure underneath the staging directories.
My concerns are that not only is this a bad idea because we have the burden of making sure the sites that are hosted are available but also that maybe there is something I'm overlooking in terms of write access to the filesystem. This new user would only have write level access via a group membership to /var/www/html/staging while being barred the same access to the production environment that is located under /var/www/html/production. What are the potential problems with this scenario? Also is it trivial to gain root level access once an account is created?
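The scenario above hinges on one property: the group that grants the client write access under the staging tree must not grant write access anywhere under the production tree. The following audit script is an added example (not from the original poster) that checks exactly that. It walks a production root and reports every path that is group-writable by the staging group, world-writable, or setuid/setgid. The path and the staging group's gid are parameters; the demo tree it builds is constructed sample data, and it uses the gid the demo files were created with as the "staging" gid so the group-writable case can be exercised without root.

```python
"""Audit a production web root for anything a staging-only account could write.

Added example, not from the original post. It assumes the layout in the
question: the client's account gets write access through group membership on
/var/www/html/staging and must have none under /var/www/html/production. The
root path and the staging group's gid are parameters; nothing is hard-coded
to a real server.
"""
import os
import stat
import tempfile

WORLD_WRITABLE = "world-writable"
GROUP_WRITABLE = "group-writable by the staging group"
SETUID = "setuid/setgid executable"


def classify(st, staging_gid):
    """Return the reasons a single inode is a concern (empty list if none)."""
    reasons = []
    mode = st.st_mode
    if mode & stat.S_IWOTH:
        reasons.append(WORLD_WRITABLE)
    if st.st_gid == staging_gid and mode & stat.S_IWGRP:
        reasons.append(GROUP_WRITABLE)
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append(SETUID)
    return reasons


def audit_tree(root, staging_gid):
    """Walk ``root`` (including the root directory itself) and return
    {relative_path: [reasons]} for every path with at least one concern.

    Symlinks are skipped: their own permission bits are meaningless, and the
    target is audited wherever it really lives.
    """
    findings = {}
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue
        reasons = classify(st, staging_gid)
        if reasons:
            findings[os.path.relpath(path, root)] = reasons
    return findings


def build_demo_tree():
    """Build a throwaway tree (constructed sample data) that mimics the
    question's production directory with a few deliberate mistakes.

    Returns (root, staging_gid). The staging gid is taken to be the gid the
    files were created with, so the group-writable case is exercised without
    needing root to chgrp.
    """
    root = tempfile.mkdtemp(prefix="production-")
    os.chmod(root, 0o755)

    def put(rel, mode, is_dir=False):
        path = os.path.join(root, rel)
        if is_dir:
            os.makedirs(path, exist_ok=True)
        else:
            with open(path, "w") as fh:
                fh.write("sample\n")
        os.chmod(path, mode)  # chmod after creation so the umask does not matter

    put("index.html", 0o644)            # correct: only the owner can write
    put("uploads", 0o775, is_dir=True)  # mistake: the group can add/remove files
    put("config.php", 0o666)            # mistake: every local account can edit it
    os.symlink("/etc/passwd", os.path.join(root, "link"))  # skipped by the audit
    return root, os.stat(root).st_gid


if __name__ == "__main__":
    demo_root, demo_gid = build_demo_tree()
    for rel, reasons in sorted(audit_tree(demo_root, demo_gid).items()):
        print(f"{rel}: {', '.join(reasons)}")
    # On a real host (assumed group name "staging"):
    #   import grp
    #   audit_tree("/var/www/html/production", grp.getgrnam("staging").gr_gid)
```

Run it periodically, or once after adding the account and again after each deploy, since a deploy script that copies staging into production with permissions intact is the usual way a group-writable directory ends up on the production side. A clean run says nothing about the other route the question raises (local privilege escalation from a shell account); that depends on the patch level of the box, not on the directory layout.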