First user problem (user with admin role could delete my super user account)

By elbecerro on 30 Apr 2008 at 14:41 UTC

Hello, this is my first post in the drupal forums. Well, I'm building a little intranet for a client where the users with admin role can control the user management so they can edit user roles, permissions, passwords or even delete an account, when an employee leaves the company, for example. The thing is that the user list is including me, I mean, the first user, super user or whatever you want to call it.

I would like not to appear in the list, you know, it would be a sort of a problem if I'm deleted by mistake. I'm sure there must to be a way to achieve this. I've searched the forums and didn't find an answer. I've also checked some modules but for a newbie like me it feels like being lost in the jungle.

Hope somebody has the time to help me. Thanks in advance. Sorry if there is any mistake in my english... I'm from Spain... well, sort of.

Comments

I don't think an admin you

DoctorDru commented 30 April 2008 at 14:45

I don't think an admin you will assign (with super user access role) can delete your main admin account.

Why don't you try creating this super user role, then creating a dummy account with that role, then log-in with that dummy/test account, and try to see if you can delete the main admin (user #1)

DoctorDru

Believe me, that could happen

elbecerro commented 30 April 2008 at 17:09

I've tested this in a dummy installation of the intranet. I logged in as an admin user and deleted the super user account, then I tried to log in as super user and only got a message telling me that that account didn't exist.

I don't know if this could help, but I've installed Taxonomy Access control in order to give access to content based on user role. This is working ok... but I mention it only if it's somewhat useful.

The problem is the user list you access from the "users" item menu below "user management".

I hope this is not confusing.

It is true. There are even a

cog.rusty commented 30 April 2008 at 19:06

It is true. There are even a couple of modules for this:

http://drupal.org/project/userprotect
http://drupal.org/project/paranoia

Thanks a lot

elbecerro commented 3 May 2008 at 12:37

Thank you very much for your help. I'll check these.

CASE: Deleted Super User

Wolfflow commented 23 September 2008 at 03:19

CASE: Deleted Super User Account

If, by accident, you happen to delete the original "Administrator" account/user,
you will need to recreate it.

UID1 is the 'super admin' account.

Create a new account with user name and password of your choice : this account will initially be a regular user account, to be turned into an "Administrator" account following the next step.
Go to database table "users" and change the UID of this new account to "1" - You may now login to this account as the super admin account.

if you use phpmyadmin for MySql database administration, this should only take a few seconds to fix.

Note: The above only works if the "user_register" variable is *not* set to

s:1:"0";

UPDATE variable SET value = 's:1:"1";' WHERE name = 'user_register';
DELETE FROM cache WHERE cid = 'variables';

This will change your site so that you can follow the above instructions.

Cheers - Wolfflow
Share your experience with the Open Source Community.
It's not only a choice but a Life Philosophy !!! Adaccs - Do you care?
I'm a No English Native remind

Contact me for drupal projects in English, German, Italian, Drupal Hosting Support.

Wolfflow I owe you a beer

jamesialford commented 8 May 2009 at 14:07

I messed up and somehow deleted my first user account. It took me some time but I got it fixxed using your directions.

Thank you

that helped me, Wolfflow

vallab444 commented 26 April 2011 at 06:24

I could delete the superuser too!

-Vallab

Use Password remind to restore

alexku commented 14 September 2009 at 19:53

There is a simpler way to do this ... just go to password restore form and enter super admin mail.

But in my case I had to restore from database backup because all pages and blocks created by super admin were not being displayed. Uid=1 in all database tables changed to uid=0.

I think this is a serious problem ... users should not have the permission to delete super admin

UPDATE: Used trigger below to ugly-fix the problem in MySQL 5 .... maybe someone will come up with a better solution

DELIMITER $
CREATE TRIGGER delete_super_admin_restrict
BEFORE DELETE ON users
FOR EACH ROW
BEGIN
SET @dummy = 0;
IF old.uid = 1 THEN
SELECT Cannot_delete_super_admin INTO @dummy FROM users;
END IF;
END$
DELIMITER ;

I used these modules and

afaaro commented 24 June 2010 at 11:45

I used these modules and worked fine

http://drupal.org/project/role_delegation
http://drupal.org/project/administerusersbyrole

Quick question

bryancasler commented 29 June 2010 at 20:13

Hey afaaro, how did you get around the fact that users can't edit themselves? I'm using both those modules trying to achieve the same effect. I've posted an issue on this question here. #840836: Can't edit yourself.