There is a project, for its development has been paid. When discussing the scope of work with the developer, a scandal occurred. The developer shits a little on the server: for example, stops the web server (apache2) and users "do not see" the site. I changed the root password and the root password from mysql. But the developer used git to work with the code on the server. And these git-folders, files remained. Can he through them

a) Find out the current contents of files with code on the server (for example, a configuration file with database parameters)

b) Upload changes to the server without access to root or another account?

c) How else to damage the project?

And how to fix if the answers are yes.

Thank!

  • Do you have documentary evidence that this is exactly his business? - etki
  • I know his IP, I see the history of commands in the console, I see that the last login (coinciding in time with the history of commands and stopping the server) from its IP. What is not proof? - Alex
  • why the question of whether it can harm the project by means of git but you do not mention that he has access to the server? - username
  • I apologize, I thought that this is understandable by the fact that I changed the root passwords in linux / mysql. Was wrong. - Alex
  • 3
    @Alex, do not forget to change passwords and delete authorized openssh keys for all accounts under which you can ssh-login to the server. - aleksandr barakin

1 answer 1

No, he can not. Git itself does not have and does not require any constantly running services under superuse. Accordingly, it is very unlikely that these actions are performed by this developer using git - git simply does not have access to this.

Simply put, the git repository is just a hidden folder with a bunch of service files. To work with it you need to have rights to write / read the contents of this folder. To provide faster access, the git executable file can run on the server and forward I / O from the client.

Start monitoring the traffic of this developer in order to find out what he is really doing to perform the actions you specify.

  • the user added in the comments that the developer has access to the server - username
  • 3
    @username, well, apparently using his developer and "shits", and not at all "through git" - Sergey Rufanov
  • I can be mistaken, but there are tools that allow you to make a pull from the master when comming into it. - borodatych