Posted by joel_guesclin on April 16, 2009 at 11:17am
I want to give one of my users the ability to administer Users so that he can block people if they abuse the forum on the site. However, it seems that when he has "administer user" rights then he can delete everybody even including the superuser. This seems incredibly dangerous to me - is it normal?
Comments
This should help
http://drupal.org/project/protect_critical_users
hahaha i see your concerns
well that solves half of your problems, that user can still change your username/password/email address lol
so add this to protect critical users module function>>protect_critical_users_init<< in the module so he won't be able to edit the user1(your) account
if (preg_match('#^user/([0-9]+)/edit#', $_GET['q'], $matches)) {$uid = (int)$matches[1];
if ($uid == 1) {
drupal_set_message(t('Oops! you sneaky bastard you cannot edit me hahahaha :P!', array('@uid' => $uid)), 'error');
drupal_goto('node');
}
anyway you won't be able to edit your profile too lol unless u disable the module :P
Just stumbled upon
http://drupal.org/project/permissions_lock
Might help here.
Watch this screencast for a good explanation of this whole topic: http://gotdrupal.com/videos/manage-drupal-permissions-more-easily
edit: Sorry, noticed too late that your issue is with D5. But perhaps this might help somebody else.