How do I give access to developer but keep control of the account?

Posted April 8, 2015 8.1k views

I opened up the account and have a developer who is working on the website. I predict that he will be apart of my team long-term. I gave him temporarily the credentials to the account until I find a way to give him access but keep everything under my name. Currently I have created a ssh key in github and he somehow connected it to my account. So he does also have ssh access.

What can I do?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

You could “adduser staff1” which would be for the other developer and then allow him to use sudo or not. You could then chown him to only certain folders (By default he can only do stuff in his directory, so if you want him to access other folders in the system you’d need to chown him to then.

  • If I enable two-factor authentication and give him ssh access sudo to every directory, will that work? So he would still have access to everything but he could not mess with the account.

  • Giving him sudo access means that he can ‘become’ root whenever he wants to, which means that he would have the same level of access as you. However, since the droplet is hosted under your account, (assuming he does not have access to your DigitalOcean account), you can reset your droplet’s root password at any time, log in via the Remote Console, and revoke his permissions. To be honest, I wouldn’t give root/sudo access to someone who I do not fully trust.

Thanks for your quick response.
I thought about that but the problem is he is much more versed in Linux then I am. I am a web developer and web project manager. So if I ever had a problem on the linux side then he would be the person to go to. There is going to be a huge social network at this site so I just want to cover my back and want to control everything since it is my company.

Even if I just changed the credentials to my account he would still have master access via the ssh key.

Is there any other way. If I make it to where I have master access and have him use sudo, he would still have access to everything, right?