lists wrote:
Hey everyone... I have been going over the replies this morning, and I know there is a lot of opinion regarding what a sys admin should know and so on. The PRIMARY reason we are looking at these packages is not for our selves (the sys admins), but rather to offer an interface to hosted customers for some basic functions like adding mail users,
isnt this more of a reason why you would want to have a system in place that, alteast, lets you update the machines with security fix's as soon as they are available ? cPanel and Plesk both have major issues in this regard. Are you sure you want to leave control of major functions upto the users, on an unpatched machine - live on the internet ?
If its a question of managing email accounts, mysql db's etc you should mostly be ok with pretty much any system that works with config's and packages from the distro - that way you can use the update system included in CentOS ( Most of your security concerns will be the code that these users run on your machine, which - lets face it - no matter how you admin the box, they are going to run anyway ).
To illustrate my point ; what is the latest version of CentOS4 and CentOS3 supported by either cPanel or Plesk ? What is the present situation with the CVE's from the last few months on machines that run these systems.
Now would be a good time for someone with an @cpanel.com and @swsoft.com email address to join the thread.
- KB