Closed (duplicate)
Project:
Drupal core
Version:
6.6
Component:
user.module
Priority:
Normal
Category:
Support request
Assigned:
Reporter:
Created:
7 Feb 2006 at 06:24 UTC
Updated:
1 Nov 2008 at 23:04 UTC
According to http://drupal.org/node/32669, the "administer users" permission was created to allow certain roles to manage users without being able to change the access control or roles, and promote themselves.
However, nothing is stopping them from changing the password or E-Mail address on UID 1, and then logging in as the superuser, as pointed out in http://drupal.org/node/39392.
This patch corrects that by only allowing UID 1 to edit UID 1.
| Comment | File | Size | Author |
|---|---|---|---|
| usermodule.patch | 1.79 KB | Steve Simms |
Comments
Comment #1
Steve Simms commentedComment #2
Crell commentedThis is a dupe. :-)
http://drupal.org/node/39636
Comment #3
Steve Simms commentedAha. Ok, I might argue the resolution, but I can't argue that it isn't a duplicate. :-)
Oh well. It makes sense to me, so I'll keep it in my version.
Thanks!
Steve
Comment #4
sangamreddi commentedLooking for this solution. I'll test it report back here.
Comment #5
Crell commentedActually I'd much rather see that patch (or this one, they're very similar) go in. I mentioned it in another thread as well. UID 1 should be extra-safe from others, because it's the site owner's trump card.
If you can think of a way to convince Dries, please share.
Comment #6
the1who commentedHas this been resolved with 6.6 version?
Or is this something I still need to apply a patch to?
edit: I mean, this is a really outdated support request, but I am figuring that if this was back in 2006, it most likely is included, but I wanted to ask first to make sure before i open up my moderators to help with user registration. Thanks!
Thanks in advance.
Matt