Getting Started
- The Features, Mission, and Principles of the Drupal Project
- The Drupal Overview
- Before You Start
- Drupal 6
- Drupal 5
- Drupal 4.7 and earlier
- Core modules
- Third Party Resources
- Upgrading from previous versions
- Troubleshoo
ting FAQ
Handbook license
The Drupal handbook pages are © 2000-2008 by the individual contributors
User login
Search downloads
Contributor links
- Advanced search
- Queues
- Patch spotlight
- Play patch bingo!
- Play bug bingo!
- Mailing list archives
- Drupal.org webmasters
- Drupal.org server administrato
rs - Web links
Locked out
This may be really basic, but I can imagine it happening to other people, so... Since the first person to login to a fresh drupal installation has full administrative privileges, the first time I installed drupal, I felt some urgency in locking down the site. After installation, I added a couple regular user accounts with less god-like powers. Under administer->access controls, I added rules to allow these specific users, and then added a rule to deny all users (except these specifically allowed users). I had assumed that the special account with uid=1 would be exempt. Wrong. As soon as I clicked the button, I found myself locked out from my own site. I then wished I had an undo button.
The equivalent of the undo button is to kill that last rule from the access table in the database. Using the mysql monitor, you can look at the access table:
mysql> select * from access;yields something like:
+-----+-------+------+--------+| aid | mask | type | status |
+-----+-------+------+--------+
| 1 | bobby | user | 1 |
| 2 | peter | user | 1 |
| 3 | greg | user | 1 |
| 4 | alice | user | 1 |
| 5 | % | user | 0 |
+-----+-------+------+--------+
To kill that last rule, you can:
delete from access where aid='5';The right way to have done this would have been to add the uid=1 superadmin account to the list of authorized users before setting the rule to deny all users. Live and learn, eh?