Prevent a customer from deleting their own mail domain/site

Discussion in 'General' started by ispcomm, Nov 18, 2013.

  1. ispcomm

    ispcomm Member

    Is there a way to prevent a customer from deleting their own domain and/or site?

    I'm a little afraid on how easy it is to delete a whole domain, including all mailboxes and the mail store in there.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    When you create a website as admin user for a customer, then the customer can not delete the site or email domain on its own. The customer can delet sites only when he added them himself.
  3. Quaxth

    Quaxth New Member

    Question of Ownership

    It's all about a question of Ownership and Security!

    Normally, it's Owners responsibility for to take care of his Security measures! It's simply his right to be able to delete what ever he want if it's his property and that includes Mail and Domains!
    Personally I wouldn't ever use an 3rd party service which will prevent me for to do with my property what I like to to do even if it'e done by mistakes, error or whatsoever! And I would never control personal data of any of my customers, if he not ask me to do just that!
    OK, I understand your concern, but that's something what is allowed for you to do, except, you have an direct order from your customer.

    Only thing what you could and maybe should do do, is to let sign every customers an acknowledgement/agreement that they did have to take care for their Security of data and else on their own and that you're out of any responsibility. Only exception would be if they breach any existing law like copyright, software piracy and other.

    Think about that your Hoster/Service Provider would prevent you to do with your property what you like?!
  4. ispcomm

    ispcomm Member

    I created a domain for a client as admin, and indeed, the client cannot delete the domain.

    the table ended up being like this:

    | domain_id | sys_userid | sys_groupid | sys_perm_user | sys_perm_group | sys_perm_other | server_id | domain          | active |
    |       365 |          1 |           9 | riud          | ru             |                |         7 | | y      |
    Please bear with me as I try to decode the above table:
    The sys_userid 1 is the id of the admin user. This is the real owner of the domain.
    The Sys_groupid 9 is the group to which the client (client_id) belongs.

    The permission system mimics unix style permissions, where

    -) the owner (system user) can (r)ead, (i)???, (u)update and (d)elete the domain.

    -) The group (to which the user belongs) can (r)ead and (u)pdate but not delete an (i)????

    -) Others have no permissions.

    A domain will be visible in the "user panel" when the user has at least read permissions to it. Otherwise it will be hidden.

    Is the above correct?

    What is the (i) permission ?

    Thank you.

Share This Page