/ BLOG / Decommissioning users
Until a few weeks ago my personal server was with a “little” company called UK2.net. After the monthly prices got hiked again for a 3 year old Pentium D box, I decided that it was time to move on.
The move went fine, and all was good; no further billing from UK2. Yet I still have access to the box. Now I’m not sure if I should be telling them how to do their job, but it does seem a bit insecure allowing access to something not being paid for. If I was a less honest person it could be quite a fun machine (answers on a postcard).
Naturally I had wiped all of my content, accounts, and effectively removed all additional packages that I’d installed, so perhaps they could’ve confused it with a clean system. However, this just isn’t the case as the root and other account details were reset to something produced by pwgen.
I would like to say that I’m being unreasonable, but knowing the procedures that we take care of for even our smallest clients at work, I know that I’m not. As a generalisation people are not trustworthy and you cannot guarantee that once they leave they will not attempt to regain access, and potentially damage, a system.
If you’ve not got a working procedure for departing staff, customers, or equipment then I suggest you make one and stick to it religiously, ensuring that all departments are aware of what they need to communicate and when.