Staff file access
Hi there. For any and every server owner out there.
Do you let your staff access any files on your server.
If so / if not please state your reasons and your way of going about it😁
10 Replies
Actually very limited number of people have access to console/fiesystem of production servers. About what "staff" category you talking about?
No category per say. Just in general. My server is not in a production stage yet tho i can tell by the amount of work there needs to be done i really need to get more hands on the project. So i basically just wanted to know how other server owners handles file access and staff etc
It really depends what do you want to protect and whether you need it at all.
^
I normally do file access if required but hidden automatic backups
(using pterodactyl)
So there is my policy:
- Each staff member have to have their own account (individual SFTP/SSH credentials and etc). There are a lot of ways to do it, so the most easier is using Pterodactyl that also provides audit log.
- Provide test server instance with copied files from prod if possible.
- Make leaked auth credentials useless: basically allowing authentification from certain clients and IP addresses (i.e. for MySQL).
Principle of least privilege.
If your staff doesn't need access to files, they don't get access.
I don't know what you actually expect to hear 😄
If the staff are expected to maintain the server and update plugins/plug-in configs, then those people should have file access
If the staff are expected to just ban cheaters and enforce server rules, then they probably don’t.
Minecraft community is known to have a lot of drama, corruption and bad actors. Less people with file access, less people that can do rm -rf ./*
(Or less people that can get hacked and do the same)
I don't recommend giving your staff permission to your files. allow only if you really trust or know your staff.
I appreciate all the comments on this thread. It has certainly given me stuff to think about.
Thank you all😁