-4

I have sold half my dedicated server to somebody but I dont want them accessing my web hosted Plesk files for my Wordpress website. As some of them are custom and confidential.

I gave them local admin rights so the can install programs and as Power User is pointless now. I trust them enough for that but I dont want them to have access to the few folders normally managed by Plesk.

Is there a way to block access to those folder from the other admin, please?

I have secured private folders on my desktop but I cant encrypt my website folder, can I?

As mentioned, it is a dedicated server with Windows 2008 R2, hosting my website with Plesk installed.

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
Gary Carlyle Cook
  • 127
  • 1
  • 5

4 Answers4

11

No. There is no way to prevent an admin from being an admin.

You cannot simultaneously have your files encrypted in such a manner so as to keep them safe from the prying eyes of another administrator on the system, and have an application seamlessly decrypt and access those files in a way that an administrator could not also mimic. To suggest otherwise might lead you to a false sense of security.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
Ryan Ries
  • 55,011
  • 9
  • 138
  • 197
4

Unfortunately, as for as admin rights are concerned you either trust the person or you don't. You can change the NTFS permissions and ownership of the folders, but they can take ownership of the folder themselves and change the permissions, delete the folder, etc.

Katherine Villyard
  • 18,510
  • 4
  • 36
  • 59
4

The only way to prevent an administrator from accessing a file or files is by encrypting them with a key which the other administrator does not have.

In that vein, you could look into using EFS to encrypt your Plesk files, but any permissions or access restrictions you place on the files in question can be undone by any user with administrator rights - that's the nature of administrators.

I have no idea how EFS might cause undesired behavior with Plesk, as I've always considered it more of a virus than anything, but like I said, it's something worth looking into, because it can be setup such that only a specific user has access to the files and other users, even administrative users do not (as could any other encryption scheme where the key is kept from the other admin).

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
  • 2
    The drawback to EFS is that the web server user would need the decryption key (and as I understand it the EFS key is tied up with the user account, so they could just change the web server account password, log in as the web server user, and read the files anyway - though I could be misunderstanding the design there) – voretaq7 Dec 05 '14 at 22:14
  • @voretaq7 Yeah, I'm not exactly clear on what he's encrypting. And whether encrypting Plesk would mess with the website, or just prevent administration of it... eww, webpanels and all that. – HopelessN00b Dec 05 '14 at 22:16
  • 1
    Also, don't forget that if the file is open in RAM in a decrypted state, the other admin can do a process dump and get the unencrypted file anyway. – austinian Dec 05 '14 at 22:37
0

Migrate your files to another server that you own... else its like keeping a safe in an airport walkway

yagmoth555
  • 16,300
  • 4
  • 26
  • 48