Delete anything on the server? Take control of the server?
Yes. Yes.
I would think most if not all ISP's have set up the file permissions in
such a way that root permission is required for that. Installing MC
is not going to give users additional permissions that they would not
have anyway. Right?
Setting the permission can help to curb some trouble, but *back in the day* it was possible to get admin status by using cgi's to place stealthy scripts in strategic locations on the server. This is very hard to do today with wrappers in place, many crackers jumped to Java and Javascripts when wrappers got too smart for them. Java was new, and everyone wanted it but it provided the exact same problems as cgi's, so special measures had to be taken to safeguard the servers against that too. See what I mean?
There are ways around anything, it would be a fluke for a cracker to find *your* server running mc, and then another fluke if he even knew how to program metatalk. Then another fluke if they were even interested in finding a way to use mc to break the server or at the very least wipe out your existence on it. It's very remote that anything will happen.
But my point was not - "don't install mc" - it was "don't do it without informing the server admin". Just common courtesy.
You make a point of telling people their car's gas tank "may" explode while driving but that doesn't stop them from driving anyway. Your point is based on what a driver knows about their environment, to put it another way, what if a passenger came along and placed a flaming rag into the gas nozzle and got into the car with the driver without telling them. Two scenarios: A) Tell the driver, who promptly freaks out B) Car may/may not explode.
As a server admin, I like it when my clients inform me of any executable they install on the server. That's all I'm saying, I'm sure the other admins would like to know also.
