Re: [cpx] Quotas (was Separation of Roles)

[Ricardo Newbery <newbery@xxxxxxxxxxx>]

At 4:28 PM -0500 1/29/06, Norman R. Prevett wrote:
> Hi:
>
> In the end it's a marketing issue. We sell the DA some space 10 MB, 
> 100 MB, 10 GB, whatever and let him carve it as needed. Multiple 
> "roles" might support other sales models but would complicate things 
> for most DAs. I think if a DA needs that level of control, sell him 
> a whole VPS and make him the SA.


I can appreciate this argument.  However, I would like to adopt this 
new CPX tool in order to *increase* my marketing flexibility, not 
decrease it.  Perhaps I'm being curmudgeonly but I prefer to have my 
marketing strategy dictate which tools I can adopt, not the other way 
around.

With the CPX model, I sell the DA some space and then I have to try 
to explain that half of that space is a fixed allocation on the main 
account and that they really only have control over the second half 
which they can allocate among their end users, if they have any -- 
end users who usually just need some modest email accounts.  Okay. 
Sounds a little weird and vaguely arbitrary but I can do that.

Again though, I'm actually more concerned about the quota issue from 
the server resource allocation point of view.  This model would seem 
to result in less domains that can be hosted on each VPS and overall 
underutilized disk space since much of it would essentially be 
"excess" allocation.

But maybe with the new disk space increases people are feeling they 
have lots of room to waste?  Okay.  I can appreciate this also.

It's sort of interesting how this thread went careening off on this 
side issue.  This quota allocation issue is a relatively minor quirk. 
Slighting annoying but I can live with it.  On the other hand, the 
lack of separation of roles may be a deal stopper for some of my 
Domain Admins.  Many DA's have other people maintain the domain's web 
site.  With the current CPX model, I can't easily segregate the 
people with website editing privileges from the rest of the domain 
management tools.  And since I can't turn off the DA's Mail privilege 
without interfering with the DA's ability to grant Mail privileges, 
the DA's email account would also be viewable by anyone the DA wishes 
to give website editing access.

And isn't anyone concerned about using the same account for email and 
web files?  Email passwords get passed around in the clear all the 
time.  People check their email from all sorts of insecure 
environments.  I can enforce SSL for the web interface, SSH for shell 
access, and SFTP or SCP for file transfer but few customers want to 
deal with the hassle of secure email setups.  So you learn to live 
with insecure email but you put the email accounts in a safe sandbox. 
Not being able to disable email for the DA account is a serious 
security problem.

Ric


======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).