SSH + FTP Security ISSUE !

[SIZE=2]Hi to all,[/SIZE]
Please explain me why when i “Deactivate” account in Interworkx at “SiteWorkx -> Accounts” page only webpage for this customer not displayed? SSH access continues to work while I will not turn off him forcedly at the page “Shell Users”. Secondary problem - this is FTP access, after Deactivation finish FTP access for FTP users from this account continues to work, and i dont know how to disable this account. (I can only “Delete” account for suspend all access to server for this customer… but this is not good idea).

As i think this is Security BUG, explain me please if this my misstake.

[SIZE=2]P.S: Sorry for my English, i`m from Ukraine ;)[/SIZE]

Thank you.[/SIZE]


It’s not a bug, just by the fact that it works the way it is programmed to work. I wouldn’t call it a security issue, since there are different reasons you may set an account inactive.

Currently, setting an account inactive does 2 things.

  1. It prevents the user from logging in and using the SiteWorx interface.
  2. It disables their website

If a client is behind on their payments, that may be all you want to do - just enough to get their attention so they’ll pay up. This leaves the client’s mailboxes working, so they can communicate with you about the reason the account is inactive. It also leaves FTP open, so the client can collect their files that way, if they choose to.

If you’re setting the account inactive due to “bad behavior” - hacking, spamming, etc of some kind, I could see wanting the “inactive” setting to do more disabling, and this is a valid feature request, but the software doesn’t do it right now. More manual work is required to disable the various services you might want to disable for the user.

I hope that explains things a bit,